W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: WG Review: Recharter of Hypertext Transfer Protocol Bis (httpbis)

From: Yoav Nir <ynir@checkpoint.com>
Date: Sun, 26 Feb 2012 09:45:09 +0000
To: Mark Nottingham <mnot@mnot.net>
CC: Stephen Farrell <stephen.farrell@cs.tcd.ie>, IETF-Discussion Discussion <ietf@ietf.org>, The IESG <iesg@ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <3B23D486-B6B0-4BF4-8B23-9CC2BB911DD6@checkpoint.com>

On Feb 26, 2012, at 2:44 AM, Mark Nottingham wrote:

> 
>> 
>> I proposed a plan that I think might allow us to make progress
>> on that. I believe we could.
> 
> OK, great. 
> 
> Could you please explain why you think tying this effort to HTTP/2.0 is necessary to achieve that? To me that's the critical bit, and I still haven't seen the reasoning (perhaps I missed it).

I think I have *an* answer to this, though probably not *the* answer.

There's two stages to adoption - implementation and roll-out. Obviously you can't roll out "new authentication" before the browsers and servers implement it. For my website, I wouldn't roll out new auth if only one or two of the browsers out there implemented it. Even if all the big ones (IE, Firefox, Chrome, Opera) did, I would still have to provide a backwards compatibility authentication scheme to support older browsers. This would lead to both inconsistent UI and to ugly javascript that detects the browser version, and makes the roll-out slower.

If any HTTP/2.0 browser is bound to have "new authentication" it makes things much easier.

This could be circumvented by adding request headers that advertise capabilities, but I don't think we like those much.

Yoav
Received on Monday, 27 February 2012 09:37:16 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:56 GMT