- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 9 Jun 2015 15:40:58 -0700
- To: Adrien de Croy <adrien@qbik.com>
- Cc: Mike Bishop <Michael.Bishop@microsoft.com>, Yoav Nir <ynir.ietf@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 9 June 2015 at 15:26, Adrien de Croy <adrien@qbik.com> wrote: > > so the proposal is to include some flag in all requests (but maybe not by > some browsers) which can't be used by the server. Sure it can be used. > That doesn't seem like a good use of resource. It's a few bytes. We've wasted a lot more elsewhere for less worthy reasons. Not that I think this is a great idea, but I can appreciate that Microsoft have to do *something*. It's an existing use that isn't well served. I'd rather the option I proposed, but we're not seeing a lot of movement on the client authentication piece. Maybe when Microsoft produce a proposal for TLS 1.3, we'll be a better position. Maybe that will be possible when the TLS 1.3 key schedule and handshake becomes stable (which should be very soon). > Or is tongue firmly planted in cheek on this one? Not this time. I refer you to: http://download.microsoft.com/download/C/6/C/C6C3C6F1-E84A-44EF-82A9-49BD3AAD8F58/Windows/%5BMS-HTTP2E-Preview%5D.pdf > Did you forget Chromium as well? I never forget Chromium, or Safari, or Opera, or Yandex, or UC browser... I just don't know what they plan to do yet. I think that Chromium have disabled renegotiation, but I wasn't sure.
Received on Tuesday, 9 June 2015 22:41:26 UTC