- From: Zhong Yu <zhong.j.yu@gmail.com>
- Date: Mon, 22 Jul 2013 11:47:48 -0500
- To: Mike Belshe <mike@belshe.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
Suppose a TLS connection is established without ALPN. Then an HTTP/1.1 request is sent over with Upgrade: HTTP/2.0. How should the server respond?

1. drop the connection
2. respond with a 400 error
3. ignore Upgrade header, treat it as a normal request
4. upgrade the connection to 2.0

The simplest and the most sensible thing to do seems to be #4. If that's the case, it means most servers would not enforce the requirement of ALPN. This may start an evolution path that under the pressure of interoperability eventually all implementations treat ALPN as optional.

Though "Upgrade" mechanism is less ideal than ALPN, since the server must support it anyway on TCP connections, I don't see why we should forbid it on TLS connections.

Zhong Yu

On Mon, Jul 22, 2013 at 11:01 AM, Mike Belshe <mike@belshe.com> wrote:
> It should be available quite easily through OpenSSL and NSS long before
> http/2 ships.
>
> The structured integration with the SSL handshake is a much cleaner
> protocol.
>
> Mike
>
> On Mon, Jul 22, 2013 at 5:06 AM, Zhong Yu <zhong.j.yu@gmail.com> wrote:
>>
>> The draft mandates TLS extension ALPN for any https 2.0 connections,
>> but why is that necessary? Why can't we also establish an https 2.0
>> connection through the Upgrade mechanism, without ALPN? TLS extension
>> may not be available/convenient on some platforms for some time;
>> requiring it may discourage some potential implementers.
>>
>> Zhong Yu
>>

Received on Monday, 22 July 2013 16:48:18 UTC