W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Proposal for doing unauthenticated encryption inside of HTTP/2

From: Paul Hoffman <paul.hoffman@gmail.com>
Date: Tue, 3 Dec 2013 07:24:44 -0800
Message-ID: <CAPik8yaOc7fKa4udSy1HFGAEYvWewAotDp419N2eEkjnu6dD5w@mail.gmail.com>
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Greetings again. The WG's discussion of how to get authentication in HTTP/2
for http: URLs has gone in two general directions:

  - Include HTTP/2 headers that will indicate an upgrade path that uses TLS

  - Do unauthenticated encryption within HTTP/2

I have just posted draft-hoffman-httpbis-minimal-unauth-enc-00 to help spur
ideas about the second option. It has some advantages and disadvantages
when compared to the first option, and hopefully this lets the WG get more
clarity as to which might be a more preferable mechanism to work on. (There
is still another option, to define HTTP/2 only for https: URLs, but that is
an orthogonal discussion.)

--Paul Hoffman
Received on Tuesday, 3 December 2013 15:25:16 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:20 UTC