> Thanks for taking the time to provide feedback and my apologies for the delayed reply. Comments inline.
Ditto what Peter said. I'll try to read more during this week (sigh, Nomcom), but just on one issue: >> (2) The document makes several references to URIs, but only RFC >> 3986 appears to be referenced. In the real world in which >> certificates are established and used and in which differences >> in specifications and practices often provide opportunities for >> exploitation by would-be evildoers, there are at least two, >> probably three, URI specifications (IETF/RFC3896, WHATWG, and >> maybe W3C). Each is treated as authoritative by some Internet >> actors and they are not consistent with each other. That >> situation and its implications should be pointed out, at least >> as a Security Consideration. I took a brief look, and think should just mention there are other specifications for URLs and they might differ. I could not find anything in the WHATWG spec that disagrees with RFC 3896 about the "host" identifier, and that's the only thing that this draft cares about. The W3C doc at https://www.w3.org/TR/url-1/ points to RFC 3896 and says it is discontinued. _______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta
