Talking to yourself from Martin Thomson on 2013-03-11 (ietf-http-wg@w3.org from January to March 2013)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 11 Mar 2013 10:47:50 -0400
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnWB-Ox=WMSO5thebu701j0jj2QGA+u64_dQifEgWxkKRQ@mail.gmail.com>

It seems likely that magic will never be 100% reliable in terms of
preventing HTTP/1.1 (and earlier) implementations from attempting to
process HTTP/2.0 connections.

Since we've decided to operate in the clear, we need to at least consider
the "talking to yourself" attack.

See https://github.com/http2/http2-spec/issues/35

Received on Monday, 11 March 2013 14:48:19 UTC