W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: A proposal

From: Yoav Nir <synp71@live.com>
Date: Mon, 18 Nov 2013 13:18:32 +0200
Message-ID: <BLU0-SMTP44483F5B17FB166AD52189B1E40@phx.gbl>
To: ietf-http-wg@w3.org
On 18/11/13 5:12 AM, Mark Nottingham wrote:
> I can see two possible paths forward:
> * We can continue to say nothing, meaning that at least some implementations will only implement HTTP/2 for https:// URIs, and interop will be determined by the market (read: chaotic). If we keep on spinning our wheels, this is likely where we'll end up; we can't let this issue dominate the rest of our work.
> * We can compromise and agree upon when and where HTTP/2 can be used for http:// URLs (e.g., for .local and RFC1918 addresses, and/or when alternate mechanisms for important aspects of security are layered in, whether that's opportunistic encryption or something else). This is where I think more discussion will help.
> If anyone can suggest another realistic approach, we're listening.
I think HTTP is used for so many things in so many scenarios, that 
trying to give general guidance in the base spec is asking for trouble 
(example: when checking certificate revocation, you use HTTP to download 
either a CRL or an OCSP response. You can't use authenticated TLS there).

So I see one additional path forward:

* Say nothing in the base spec, but create an additional document 
targeted for Informational, and called "Recommendations for using HTTP/2 
on the web". Even if that document becomes a tar-pit of political 
discussion, it will allow the base spec to go forward on time.

If, however, we really want to standardize a new port for HTTP/2 in the 
clear (or with opportunistic encryption), that can and should go in the 
base spec, I think.

Received on Monday, 18 November 2013 11:19:02 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC