This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
A comment, as requested. This RFC suggest extensions that as an idea is just horribly broken. Using the HTTP protocol is an idiotic way to implement this. If you want to secure the web, IP-SEC is the way to make sure you talk to the right server. If you want to deliver specific data from a server to a client, use the interpreter of that data to handshake and decrypt that encrypted data. Write a god damned plugin for Chrome/Firefox that is needed for your content. Using the protocol that delivers all kinds of data and locking it down for just your use case is not only stupid, but also un-elegant and technically less sensible. Not only that. In order to make the most money on the web, you need to get as many people on the train as possible. Taking an open medium where people can connect freely and in a simple way create and share content and limit is a bad idea. Browsing 1000 sites those people get exposed to hundreds of ads. The revenue from that will dry up at once if the HTTP access way is limited to a single file encrypted lane. You will all earn *less* money that way. And this is "do no evil" in what way? Scrap this junk.