W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: New Version Notification for draft-nottingham-http2-encryption-02.txt

From: Mark Nottingham <mnot@mnot.net>
Date: Thu, 12 Dec 2013 15:52:22 +1100
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <C2B07627-2452-4839-81F1-8CA2DB012508@mnot.net>
To: Paul Hoffman <paul.hoffman@gmail.com>
Yep, that's been discussed a few times, it's an open question.

One possible use is that the server may want/need to know whether or not the client is validating the cert; e.g., a bank.

Cheers,


On 12 Dec 2013, at 2:04 pm, Paul Hoffman <paul.hoffman@gmail.com> wrote:

> I'm still confused about "h2r". Why is the server offering this as something different than "h2t"? That is, if it is the client's choice whether or not to authenticate the server, why do you have this as something the server is offering?
> 
> --Paul Hoffman

--
Mark Nottingham   http://www.mnot.net/
Received on Thursday, 12 December 2013 04:52:52 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:20 UTC