On 08/31/2015 05:54 PM, Martin Thomson wrote: > On 31 August 2015 at 05:02, Florian Weimer <[email protected]> wrote: >> MUST NOT automatically complete incomplete chains > > Um, no. I realize that this is a feature that is hard for others to > replicate, but being able to reach sites is important to people. All > browsers do this, and I don't see any reason to stop.
The reason to stop is that people only test with long-running, well-used browser profiles, and it is difficult to explain to them that things don't work if you just installed a fresh system. I lost countless hours to that. As in other cases, browsers papering over site configuration errors causes ecosystem damage. -- Florian Weimer / Red Hat Product Security _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
