Re: http://tools.ietf.org/html/draft-nottingham-httpbis-alt-svc as a normative reference in http/2

On Wed, Mar 19, 2014 at 6:38 PM, Mark Nottingham <mnot@mnot.net> wrote:

>
> On 20 Mar 2014, at 12:05 pm, William Chan (陈智昌) <willchan@chromium.org>
> wrote:
>
> >> We're going to propose that the alt-svc draft be a normative reference
> in HTTP/2 because the ALTSVC frame uses the concepts in there, not for any
> other reason. If you look at the -04 version of the alt-svc draft, you'll
> see that opportunistic / http://-over-TLS isn't mentioned, except for a
> very indirect one-sentence reference to the use case in the Introduction.
> Nor does it require implementation of or support for the Alt-Svc HTTP
> header field.
> >>
> >> Given that, are you still concerned about the reference?
> >
> > This mitigates my concerns greatly. I eagerly await the next version of
> the draft so I can comment on it more definitively.
>
> OK. Do you understand that the pull request on the altsvc branch (for the
> http2 spec itself) contains the documentation for http:// over TLS?
>

Whoa, really? No, I did not understand that. I'm glad we're discussing this
now. Thanks for pointing that out.


> <
> https://github.com/http2/http2-spec/compare/altsvc#diff-8894168382f6487e5e38c4306e613a88R455
> >
>
> Regardless, I'm a bit confused by your pushback. You don't seem to mind
> that we document this as an option, but have great concerns about *where*
> it's documented. From the standpoint of our specs, the important thing is
> what is required (with RFC2119 language), not now many documents it's
> factored into (which I consider largely an editorial concern; if we start
> re-factoring documents as a means of political compromise, it leads to bad
> things).
>

Sorry, I'm not trying to be dense here. I'm honestly just confused about
what the status is of all the opportunistic encryption stuff. And my
primary objective here is to clear up that confusion. My concern with the
"where" it's documented is what people consider as part of HTTP/2. My
personal opinion is that opportunistic encryption should not be considered
a feature that we're adding in HTTP/2, therefore I definitely don't want it
in the core spec, and to a lesser degree, I also don't want it as a
normative reference, since my understanding is that implies that HTTP/2 has
a normative dependency on opportunistic encryption.


>
> >> Not sure how Zurich comes into it; London is the most recent meeting
> where this was discussed.
> >
> > It's because of what I said before - I don't think it was actually
> discussed in any real detail in London. I very distinctly remember Pat
> saying we should discussing opportunistic encryption in the httpbis session
> and getting tabled. And I know several people who were confused about
> whether or not there was an appropriate time to raise opportunistic
> encryption as a topic of discussion.
>
> I've asked a few people, and their recollection (and mine) is different
> from yours. The minutes also seem to support my interpretation.
>

I'd appreciate those people coming up and stating that. I'm honestly just
saying what I remember, and I'm fine with people disagreeing with my
understanding of what happened. I just don't want it to happen quietly. I
mean, Pat, is my description that far off from what you remember? I
remember you telling me that Stephen was confused about when was
appropriate for him to argue the case for opportunistic encryption. And I
remember being at the mic when the hum was taken and saying that I wasn't
sure what we were agreeing to in the hum.


> In any case, we're discussing it now.
>

And I'm happy with that. I want to re-emphasize that my primary purpose
with this thread is to make sure we get clarity on something that I thought
was vague. If everyone else says they believe that the working group
consensus indeed is to document http:// over TLS in the core HTTP/2 spec,
then clearly I misunderstood, but am fine with being wrong about that
understanding.


>
> Cheers,
>
>
> --
> Mark Nottingham   http://www.mnot.net/
>
>
>
>