Re: Upgrade status for impl draft 1 from Ted Hardie on 2013-02-27 (ietf-http-wg@w3.org from January to March 2013)

From: Ted Hardie <ted.ietf@gmail.com>
Date: Wed, 27 Feb 2013 13:52:01 -0800
To: Eliot Lear <lear@cisco.com>
Cc: "William Chan (???)" <willchan@chromium.org>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CA+9kkMD_kzgzUvOOxvXSg_uj1TEcioNPwBhq694LwJ2VP3Q-NA@mail.gmail.com>

On Wed, Feb 27, 2013 at 1:44 PM, Eliot Lear <lear@cisco.com> wrote:
> Ted, the problem is that then we are essentially requiring TLS for
> implementation of HTTP 2.0.  We've said we're not going to do that.

I don't think this is quite right.  I think it means that if you use
the DNS hints mechanism, you should expect TLS.  If you have other
upgrade methods, they would not be impacted.  That doesn't require TLS
for implementation of HTTP 2.0 itself.

> But
> also, the problem you describe is within control of both clients (albeit
> with a linkage to DNSSEC) and servers by not linking two secure and
> insecure services.  Ultimately what is proposed represents no change
> because the server itself has to provide whatever capability we're
> discussing.
>
I don't really follow this; can you rephrase it?

Ted


> Eliot

Received on Wednesday, 27 February 2013 21:52:28 UTC