Removing CREDENTIAL from Brian Raymor (MS OPEN TECH) on 2013-02-21 (ietf-http-wg@w3.org from January to March 2013)

From: Brian Raymor (MS OPEN TECH) <Brian.Raymor@microsoft.com>
Date: Thu, 21 Feb 2013 03:06:28 +0000
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <b1ccc30d42484db39ef827c7b36e4050@BL2PR03MB605.namprd03.prod.outlook.com>

In the Speed+Mobility draft, we removed CREDENTIAL because:

   CREDENTIAL:  This is removed from HTTP Speed+Mobility because we
      believe it is not compatible with options such as TLS SNI.  For
      this proposal, a session MUST only target one origin as described
      in [RFC6454].

Concerns were also raised in "CREDENTIAL really needed?" (https://groups.google.com/forum/?fromgroups#!searchin/spdy-dev/credential/spdy-dev/WazzPBFbdpk/yayPrNTehYYJ). Based on the responses, it appears that CREDENTIAL was an experimental feature not used in SPDY/3, but intended to be replaced with a different design in the future; therefore, it could safely be deprecated or ignored.

I propose that CREDENTIAL be removed from the HTTP/2.0 draft. Related issue:

https://github.com/http2/http2-spec/issues/39


Brian Raymor
Senior Program Manager
Microsoft Open Technologies, Inc. 
A subsidiary of Microsoft Corporation

Received on Thursday, 21 February 2013 03:07:12 UTC