On Sun, Jun 10, 2012 at 12:52 PM, Tobias Gondrom <tobias.gond...@gondrom.org> wrote: > IETF has received the request for errata.
And apparently it has been rejected... > Best is probably to submit it as an issue in the websec tracker for the > origin draft / RFC. > (or you can also post it to the websec mailing-list) Can someone else do that maybe? I'd like to avoid subscribing to too many lists. > However, please note that there would only be action on this item if/when > RFC6454 gets an update, unless you make a sufficiently strong case for why > there needs to be an errata/update now or in the very near future. Well, this was done for CORS, but it turns out CORS does not need it (it was a design error). Keeping it in is harmful as others may try to mistakenly use the outlined pattern. -- Anne — Opera Software http://annevankesteren.nl/ http://www.opera.com/
