HTTPS 2.0 without TLS extension? from Zhong Yu on 2013-07-22 (ietf-http-wg@w3.org from July to September 2013)

From: Zhong Yu <zhong.j.yu@gmail.com>
Date: Mon, 22 Jul 2013 07:06:02 -0500
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CACuKZqEBAqXs-cQF1U-g3npaXGR0LEoXZYxDv-3a+ftn-YG=_g@mail.gmail.com>

The draft mandates TLS extension ALPN for any https 2.0 connections,
but why is that necessary? Why can't we also establish an https 2.0
connection through the Upgrade mechanism, without ALPN? TLS extension
may not be available/convenient on some platforms for some time;
requiring it may discourage some potential implementers.

Zhong Yu

Received on Monday, 22 July 2013 12:06:29 UTC