W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Call for Proposals re: #314 HTTP2 and http:// URIs on the "open" internet

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 20 Nov 2013 12:02:36 +1100
Message-Id: <21ACB8E5-BC29-4725-8333-7B96E3364AE9@mnot.net>
To: HTTP Working Group <ietf-http-wg@w3.org>
<https://github.com/http2/http2-spec/issues/314>

While discussion over the last week certainly has been interesting, we can't debate the big questions forever; there's too much other work for us. 

Issue #314 pertains to what -- if anything -- we say about the deployment and support of HTTP/2.0 for http:// URIs on the "open internet".

So far, we don't have any text for this issue, so I'm asking for proposals to be made now. 

If we can't get consensus (or if one isn't made), the default is to leave the specification as-is; that is, we'll continue to define how to use HTTP/2.0 for both http:// and https://, and implementations will choose which scheme(s) they support for the new protocol. You're welcome to explicitly propose the status quo, of course. 

To reiterate -- some browser folks have stated that they will not be implementing HTTP/2.0 for HTTP without TLS in their products, so unless they become convinced otherwise, there will still be a *market* requirement to implement TLS if you want to get the benefit of HTTP/2 with the broadest selection of clients. What we're talking about here is what normative requirements we want to put in the spec itself.

When making a proposal, please keep in mind that it needs to meet the bar of rough consensus and running code. Also, your proposal should define its scope of applicability (the "open internet" definition; generally, we've been talking about browsers interacting with sites on the public Web).

Also, note that we have a lot of related issues to discuss. Proposals might include assumptions about these; e.g., you can suggest that we require opportunistic TLS to be implemented for HTTP URIs. Please don't include too much detail about upgrade processes, mechanics of opportunistic encryption, etc., since these are separable decisions.

To help us focus here, please refrain from the *general* discussion of the pros and cons of requiring TLS, so that we can concentrate on the proposals (if any emerge). I will be reminding people of this nicely (at first).

Thanks,

P.S. If you intend to make a proposal but aren't ready to do so yet, please contact me privately. I'm willing to defer discussion of this issue for a reasonable amount of time if it'll help us get to consensus.


--
Mark Nottingham   http://www.mnot.net/
Received on Wednesday, 20 November 2013 01:02:59 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC