W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

Re: Removing CREDENTIAL

From: Mark Nottingham <mnot@mnot.net>
Date: Thu, 21 Feb 2013 20:53:14 +1100
Cc: "Brian Raymor (MS OPEN TECH)" <Brian.Raymor@microsoft.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <4262157F-121A-4271-9EB9-44D5B22534E7@mnot.net>
To: Roberto Peon <grmocg@gmail.com>
OK, marking it for the editors to do, then.

Regards,


On 21/02/2013, at 2:30 PM, Roberto Peon <grmocg@gmail.com> wrote:

> 
> 
> 
> On Wed, Feb 20, 2013 at 7:06 PM, Brian Raymor (MS OPEN TECH) <Brian.Raymor@microsoft.com> wrote:
> In the Speed+Mobility draft, we removed CREDENTIAL because:
> 
>    CREDENTIAL:  This is removed from HTTP Speed+Mobility because we
>       believe it is not compatible with options such as TLS SNI.  For
>       this proposal, a session MUST only target one origin as described
>       in [RFC6454].
> 
> Concerns were also raised in "CREDENTIAL really needed?" (https://groups.google.com/forum/?fromgroups#!searchin/spdy-dev/credential/spdy-dev/WazzPBFbdpk/yayPrNTehYYJ). Based on the responses, it appears that CREDENTIAL was an experimental feature not used in SPDY/3, but intended to be replaced with a different design in the future; therefore, it could safely be deprecated or ignored.
> 
> Correct.
>  
> 
> I propose that CREDENTIAL be removed from the HTTP/2.0 draft. Related issue:
> 
> https://github.com/http2/http2-spec/issues/39
> 
> +1, at least until we get to doing DNS/CERT push, but no need for it today.
> -=R
>  
> 
> 
> 
> Brian Raymor
> Senior Program Manager
> Microsoft Open Technologies, Inc.
> A subsidiary of Microsoft Corporation
> 
> 
> 
> 

--
Mark Nottingham   http://www.mnot.net/
Received on Thursday, 21 February 2013 09:53:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 21 February 2013 09:53:53 GMT