W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

Re: #148: Reasonable Assurances and H2C

From: Mark Nottingham <mnot@mnot.net>
Date: Fri, 26 Feb 2016 18:29:48 +1100
Cc: Martin Thomson <martin.thomson@gmail.com>, Kari Hurtta <hurtta-ietf@elmme-mailer.org>, HTTP WG <ietf-http-wg@w3.org>
Message-Id: <12592576-7F89-4309-B97D-753C9402CE7B@mnot.net>
To: "Julian F. Reschke" <julian.reschke@greenbytes.de>, Barry Leiba <barryleiba@computer.org>

> On 26 Feb 2016, at 6:26 PM, Julian Reschke <julian.reschke@greenbytes.de> wrote:
> 
> On 2016-02-26 01:56, Mark Nottingham wrote:
>> I've taken a stab at this:
>>   https://github.com/httpwg/http-extensions/commit/f1024d233157e
>> 
>> Please review.
>> 
>> Cheers,
> 
> That says:
> 
>>   For the purposes of this document, "reasonable assurances" can be
>>   established through use of a TLS-based protocol with the certificate
>>   checks defined in [RFC2818].  Other means of establishing them MUST
>>   be documented in an RFC that updates this specification.  Clients MAY
>>   impose additional criteria for establishing reasonable assurances.
> 
> As far as I understand, this is a hook for draft-ietf-httpbis-http2-encryption-03, which is currently labeled "experimental". It is my understanding that experimental RFCs will have a hard time "updating" a standards-track RFC, though...

Barry, any insights here? 

--
Mark Nottingham   https://www.mnot.net/
Received on Friday, 26 February 2016 07:30:22 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 March 2016 12:47:11 UTC