On Wed, Apr 16, 2025 at 12:44:32PM -0400, Erik Nygren wrote:
> So perhaps:
>
> "(The HTTP client MUST NOT resolve and/or MUST ignore any HTTPS DNS RRs
> [RFC 9460].
> It also MUST NOT automatically apply an HSTS behavior to auto-upgrade to
> the HTTPS scheme.)". ?

A "MUST NOT ... and/or MUST ..." construction feels a bit clunky. And we might provide a direct reference for the HSTS behavior that we mean (assuming that we're just talking about the RFC 9460 one), so perhaps:

"The HTTP client MUST ignore the presence and content of any HTTPS DNS RRs [RFC 9460] for the domain name being verified. This includes, but is not limited to, a requirement that the HTTP client MUST NOT apply the strict transport security behavior specified in Section 9.5 of [RFC9460]."

-Ben