Re: HTTPS 2.0 without TLS extension? from Michael Sweet on 2013-07-28 (ietf-http-wg@w3.org from July to September 2013)

From: Michael Sweet <msweet@apple.com>
Date: Sun, 28 Jul 2013 08:12:24 -0400
To: Eliot Lear <lear@cisco.com>
Cc: =?utf-8?Q? William_Chan_=28=E9=99=88=E6=99=BA=E6=98=8C=29 ?= <willchan@chromium.org>, Zhong Yu <zhong.j.yu@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-id: <C8157F95-D9F1-4E0A-BA29-733A0DE4A3E5@apple.com>

... and don't forgot some of the more obscure usage of HTTP, such as HTTP over USB in the USB-IF's IPP USB Specification:

    http://www.usb.org/developers/devclass_docs

There isn't much point in using TLS over USB (and a lot of cost issues for that class of printer against it), and we need to continue to use the same USB end points/interfaces, so upgrade remains an important feature of HTTP/2.0 for me/Apple...

Sent from my iPad

On 2013-07-28, at 12:46 AM, Eliot Lear <lear@cisco.com> wrote:

> 
> On 7/23/13 7:34 PM, William Chan (陈智昌) wrote:
>> FWIW, it seems reasonable to me to have the spec allow HTTPS 2.0 without TLS extension. If you want to Upgrade, be my guest. I have no plans for my browser to support that, and I don't think Google servers will support it either, because we care strongly about the advantages of TLS-ALPN vs Upgrade.
> 
> Not only that, I don't think we can reasonably call this HTTP 2.0 if we have no path to do it in the clear.

Received on Sunday, 28 July 2013 12:12:55 UTC