W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Proposal for doing unauthenticated encryption inside of HTTP/2

From: James M Snell <jasnell@gmail.com>
Date: Tue, 3 Dec 2013 10:57:41 -0800
Message-ID: <CABP7Rbc-49sM8dD1EXsP6RpJQVxaLRir0F2=zkwhSzA0C-a08Q@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@gmail.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Great to see this. I'm fairly tied up currently but definitely want to
look at this in comparison to my intra-connection negotiation draft.
Perhaps these can be brought together into a single proposal. I'll see
about getting some feedback later this week.

On Tue, Dec 3, 2013 at 7:24 AM, Paul Hoffman <paul.hoffman@gmail.com> wrote:
> Greetings again. The WG's discussion of how to get authentication in HTTP/2
> for http: URLs has gone in two general directions:
>
>   - Include HTTP/2 headers that will indicate an upgrade path that uses TLS
>
>   - Do unauthenticated encryption within HTTP/2
>
> I have just posted draft-hoffman-httpbis-minimal-unauth-enc-00 to help spur
> ideas about the second option. It has some advantages and disadvantages when
> compared to the first option, and hopefully this lets the WG get more
> clarity as to which might be a more preferable mechanism to work on. (There
> is still another option, to define HTTP/2 only for https: URLs, but that is
> an orthogonal discussion.)
>
> --Paul Hoffman
Received on Tuesday, 3 December 2013 18:58:28 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:20 UTC