Re: TLS error handling in XMLHttpRequest

Anne van Kesteren wrote:
> 
> On Fri, 16 May 2008 11:54:14 +0200, Thomas Roessler <tlr@w3.org> wrote:
>>>> (ACTION-444 in Web Security Context.)
>>
>> I would suggest to explicitly say that a failure of the server
>> identity check (section 3.1 of RFC 2818) MUST cause the client to
>> terminate the connection.
>>
>> (RFC 2818 gives a choice of either giving the user a choice or
>> terminating the connection.)
> 
> I made it more explicit that user interaction is not be to performed. 
> Could the Web Security Context WG let me know whether this satisfies 
> their comment?

Hmmm. Maybe I'm missing something, but why would user interaction be 
allowed for HTTP authentication, but not in these cases?

BR, Julian

Received on Tuesday, 27 May 2008 12:38:50 UTC