W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

Re: Upgrade status for impl draft 1

From: Ted Hardie <ted.ietf@gmail.com>
Date: Wed, 27 Feb 2013 13:52:01 -0800
Message-ID: <CA+9kkMD_kzgzUvOOxvXSg_uj1TEcioNPwBhq694LwJ2VP3Q-NA@mail.gmail.com>
To: Eliot Lear <lear@cisco.com>
Cc: (wrong string) 陈智昌)" <willchan@chromium.org>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org> 
On Wed, Feb 27, 2013 at 1:44 PM, Eliot Lear <lear@cisco.com> wrote:
> Ted, the problem is that then we are essentially requiring TLS for
> implementation of HTTP 2.0.  We've said we're not going to do that.

I don't think this is quite right.  I think it means that if you use
the DNS hints mechanism, you should expect TLS.  If you have other
upgrade methods, they would not be impacted.  That doesn't require TLS
for implementation of HTTP 2.0 itself.

> But
> also, the problem you describe is within control of both clients (albeit
> with a linkage to DNSSEC) and servers by not linking two secure and
> insecure services.  Ultimately what is proposed represents no change
> because the server itself has to provide whatever capability we're
> discussing.
>
I don't really follow this; can you rephrase it?

Ted


> Eliot
Received on Wednesday, 27 February 2013 21:52:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 February 2013 21:52:30 GMT