On Tue, May 29, 2018 at 11:20 AM, Claudio Saavedra <[email protected]> wrote: > So if this is a security bug, I'm understanding that the desired > behavior would be the one described in 11.2. What can be done in the > specification to deal with this? Can it be reworded/updated? How can we > implementors know which of the behaviors described in 8.1 or 11.2 is to > be honored?
I'm not sure. Raising errata would be good, but it's always a little bit unclear to me whether it's going to be accepted, but at least there's a way to find the issue then (other than browsing the mailing list), even if not accepted. After that it's probably updating the document, which is rather involved. -- https://annevankesteren.nl/ _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
