- From: Mark Nottingham <mnot@mnot.net>
- Date: Fri, 12 Jan 2018 10:16:55 +1100
- To: Eric Rescorla <ekr@rtfm.com>
- Cc: The IESG <iesg@ietf.org>, draft-ietf-httpbis-origin-frame@ietf.org, Patrick McManus <mcmanus@ducksong.com>, HTTP Working Group <ietf-http-wg@w3.org>
> On 12 Jan 2018, at 9:38 am, Eric Rescorla <ekr@rtfm.com> wrote: > > I am looking for text which is technically accurate. the current text is not, for any sense of "obtain". What is required here is that the server authenticate to the client with a private key that corresponds to a certificate which passes the suitable tests. That's entirely different from "obtain". How about: Original: """ Note that for a connection to be considered authoritative for a given origin, the client is still required to obtain a certificate that passes suitable checks...""" Update: """ Note that for a connection to be considered authoritative for a given origin, the server is still required to present a certificate that passes suitable checks...""" -- Mark Nottingham https://www.mnot.net/
Received on Thursday, 11 January 2018 23:17:24 UTC