Re: TLS error handling in XMLHttpRequest

On Fri, 16 May 2008 11:54:14 +0200, Thomas Roessler <tlr@w3.org> wrote:
>>> (ACTION-444 in Web Security Context.)
>
> I would suggest to explicitly say that a failure of the server
> identity check (section 3.1 of RFC 2818) MUST cause the client to
> terminate the connection.
>
> (RFC 2818 gives a choice of either giving the user a choice or
> terminating the connection.)

I made it more explicit that user interaction is not be to performed.  
Could the Web Security Context WG let me know whether this satisfies their  
comment?

Kind regards,


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Tuesday, 27 May 2008 12:29:45 UTC