On 2/27/13 4:43 AM, William Chan (陈智昌) wrote: > > QQ over here. Is this assuming only unencrypted HTTP/2? I believe > Patrick was hoping to bootstrap serving http:// URLs via HTTP/2 over > SSL, using the external discovery mechanism (DNS most likely). If so, > I'm unclear on whether or not we need to describe behavior WRT > TLS-NPNesque negotiation. Perhaps we should fork the thread for this... > This *is* possible, but with a big caveat: DNS should offer alternatives that have the same security level –– UNLESS DNSSEC is in play. Otherwise there's a downgrade attack in the making. EliotReceived on Wednesday, 27 February 2013 06:33:26 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 February 2013 06:33:28 GMT