W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Call for Proposals re: #314 HTTP2 and http:// URIs on the "open" internet

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 20 Nov 2013 15:02:26 +1100
Cc: James M Snell <jasnell@gmail.com>, Bjoern Hoehrmann <derhoermi@gmx.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <4F3D91DF-397C-4E49-8F29-7CD8CA2FF73A@mnot.net>
To: Roberto Peon <grmocg@gmail.com>
So I'm interpreting this as a two-part proto-proposal --

a) don't constrain the URI scheme for HTTP/2
b) develop opportunistic encryption of some sort (issue #315).

Is that accurate?

Cheers,



On 20/11/2013, at 2:57 PM, Roberto Peon <grmocg@gmail.com> wrote:

> How about:
> HTTPS schemed URLs MUST be sent on an authenticated TLS channel.
> HTTP schemed URLs MAY be sent as unencrypted HTTP2 plaintext, or may be sent over a TLS channel.
> 
> If a server does not wish to handle HTTP schemed URLs over a TLS channel, it MUST reject these requests with a RST_STREAM or GOAWAY with an error code that indicates that the server does not support HTTP schemed URLs on port 443.
> -=R
> 
> 
> 
> On Tue, Nov 19, 2013 at 7:43 PM, James M Snell <jasnell@gmail.com> wrote:
> On Tue, Nov 19, 2013 at 7:03 PM, Mark Nottingham <mnot@mnot.net> wrote:
> >[snip]
> > No one has yet proposed that we mandate implementing HTTP/2.0 *without* TLS yet -- we'll cross that bridge if we come to it. Talking about "subverting the standards process" is thus WAY too premature.
> >
> 
> Honestly, I'm close to this, but *only* over a new dedicated port. To
> be clear, as an application developer building on top of HTTP/2, I
> want to be able, should I so choose, to rely on the ability to use
> plain text http/2 and do not want a handful of user-agent developers
> to make that decision for me. That said, however, I recognize the
> challenges with making plaintext HTTP/2 over port 80 a mandatory to
> implement thing, therefore, mandatory to implement over a new
> dedicated port would appear to be a reasonable compromise option.
> 
> - James
> 
> 

--
Mark Nottingham   http://www.mnot.net/
Received on Wednesday, 20 November 2013 04:02:41 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC