- From: Roland Zink <roland@zinks.de>
- Date: Sun, 17 Nov 2013 18:56:37 +0100
- To: ietf-http-wg@w3.org
I think the argument is that when HTTP2 is deployed by X then X can use a proper cert and it will work regardless of the middleware. When depending on things being changed in the middle then a HTTP/2 solution can't be deployed reliable. I think 1) this promise will not hold in future and probably is not even true now. 2) Without all clients being HTTP/2 it will be necessary to offer HTTP/2 and HTTP/1 simultaneously anyway, so is it really a big advantage to have the HTTP/2 part be more reliable? 3) If HTTP/2 is a success then bugs in the middleware will be fixed fast 4) Personally I'm pessimistic about the certs, even remembering about the expiry date doesn't work for me. 5) Using a separate port would help to separate HTTP/1 and HTTP/2 infrastructures and will make the solution more reliable Regards, Roland On 17.11.2013 18:10, Julian Reschke wrote: > On 2013-11-17 17:53, Mike Belshe wrote: >> OK - I see. >> >> I think you're mixing current stats (only 30% of sites today have certs >> - seems high?) with incompatibilities - 100% of sites can get certs >> today if they want them. So HTTP/2 requiring certs would not be >> introducing any technical incompatibility (like running on port 100 >> would). >> >> Mike > > So we are optimistic that servers can be fixed to use proper certs, > but pessimistic that bugs in middleware will be fixed? > > Best regards, Julian > >
Received on Sunday, 17 November 2013 17:57:00 UTC