W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

Re: Removing CREDENTIAL

From: Roberto Peon <grmocg@gmail.com>
Date: Wed, 20 Feb 2013 19:30:45 -0800
Message-ID: <CAP+FsNfgYhp5oTbAwmk6mwo7fLUx3_K5Gor34=i6X88ACMG2cA@mail.gmail.com>
To: "Brian Raymor (MS OPEN TECH)" <Brian.Raymor@microsoft.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On Wed, Feb 20, 2013 at 7:06 PM, Brian Raymor (MS OPEN TECH) <
Brian.Raymor@microsoft.com> wrote:

> In the Speed+Mobility draft, we removed CREDENTIAL because:
>
>    CREDENTIAL:  This is removed from HTTP Speed+Mobility because we
>       believe it is not compatible with options such as TLS SNI.  For
>       this proposal, a session MUST only target one origin as described
>       in [RFC6454].
>
> Concerns were also raised in "CREDENTIAL really needed?" (
> https://groups.google.com/forum/?fromgroups#!searchin/spdy-dev/credential/spdy-dev/WazzPBFbdpk/yayPrNTehYYJ).
> Based on the responses, it appears that CREDENTIAL was an experimental
> feature not used in SPDY/3, but intended to be replaced with a different
> design in the future; therefore, it could safely be deprecated or ignored.
>

Correct.


>
> I propose that CREDENTIAL be removed from the HTTP/2.0 draft. Related
> issue:
>
> https://github.com/http2/http2-spec/issues/39


+1, at least until we get to doing DNS/CERT push, but no need for it today.
-=R


>
>
>
> Brian Raymor
> Senior Program Manager
> Microsoft Open Technologies, Inc.
> A subsidiary of Microsoft Corporation
>
>
>
>
Received on Thursday, 21 February 2013 03:31:12 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 21 February 2013 03:31:14 GMT