On Tue, 2018-05-29 at 12:33 +0300, Claudio Saavedra wrote: > On Tue, 2018-05-29 at 11:30 +0200, Anne van Kesteren wrote: > > On Tue, May 29, 2018 at 11:20 AM, Claudio Saavedra <csaavedra@igali > > a. > > com> wrote: > > > So if this is a security bug, I'm understanding that the desired > > > behavior would be the one described in 11.2. What can be done in > > > the > > > specification to deal with this? Can it be reworded/updated? How > > > can we > > > implementors know which of the behaviors described in 8.1 or 11.2 > > > is to > > > be honored? > > > > I'm not sure. Raising errata would be good, but it's always a > > little > > bit unclear to me whether it's going to be accepted, but at least > > there's a way to find the issue then (other than browsing the > > mailing > > list), even if not accepted. After that it's probably updating the > > document, which is rather involved. > > Thanks, I'll raise an errata then and follow 11.2 in the > implementation for now.
Errata for this in https://www.rfc-editor.org/errata/eid5372 Claudio _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
