Further in reply to comment 67: You make reasonable points (though not new ones) but a fixed bug is not the place to argue policy. For now we have decided that compliance with the RFC--or rather, consistent behavior amongst browsers--is safer for users if occasionally inconvenient for administrators.
If you want to argue for different behavior then the mailing list/newsgroup mozilla.dev.tech.crypto is the right place (or maybe the new mozilla.dev.security.policy?)
Further in reply to comment 67: You make reasonable points (though not new ones) but a fixed bug is not the place to argue policy. For now we have decided that compliance with the RFC--or rather, consistent behavior amongst browsers--is safer for users if occasionally inconvenient for administrators.
If you want to argue for different behavior then the mailing list/newsgroup mozilla. dev.tech. crypto is the right place (or maybe the new mozilla. dev.security. policy? )