On Mon, Feb 23, 2009 at 1:48 PM, Breno de Medeiros <[email protected]> wrote: > An application would have to use host-meta for a particular aim (e.g., a > browser discovering default charsets) and implement the spec blindly without > regard to security considerations.
Just because we can pass the buck to application-land doesn't mean we should write a spec full of security land mines. Adam
