- From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Date: Mon, 15 Jul 2013 15:16:10 +0200
- To: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
- Cc: "M Stefan" <mstefanro@gmail.com>, ietf-http-wg@w3.org
Le Lun 15 juillet 2013 02:02, Poul-Henning Kamp a écrit : > Authentication should happen either in the encrypting transport > which moves HTTP/2.0 across (as in certificates and assymetric crypto) > or in the application transported inside HTTP/2.0 (as in most web-site > login dialogs), but HTTP/2.0 itself should not get involved: It > is the wrong layer. However, secret transport *is* HTTP/2.0 domain, and there are quite a lot of parts of the spec that assume "simple" auth (intermediary auth comes to mind). I'm quite sure straightening auth requires at least some protocol adjustments. Regards, -- Nicolas Mailhot
Received on Monday, 15 July 2013 13:16:42 UTC