- From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
- Date: Wed, 20 Nov 2013 07:06:28 +0200
- To: James M Snell <jasnell@gmail.com>
- Cc: Roberto Peon <grmocg@gmail.com>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Mark Nottingham <mnot@mnot.net>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

On Tue, Nov 19, 2013 at 08:47:43PM -0800, James M Snell wrote:
> On Tue, Nov 19, 2013 at 8:39 PM, Ilari Liusvaara
> <ilari.liusvaara@elisanet.fi> wrote:
> >
> > How would that work? CONNECT is essentially TCP stream carried within
> > HTTP/2 mux.
>
> CONNECT within HTTP/2 consists of a HEADERS frame followed by any
> number of DATA frames. If, before sending the CONNECT we negotiate a
> key agreement with the authority/origin, every DATA frame in the
> CONNECT stream would be encrypted in accordance with the agreement. An
> intermediary would be less able to inspect the DATA frame payload to
> see what's going on inside.

CONNECT isn't end-to-end.

-Ilari

Received on Wednesday, 20 November 2013 05:06:51 UTC