Re: HTTPS 2.0 without TLS extension? from Eliot Lear on 2013-07-28 (ietf-http-wg@w3.org from July to September 2013)

From: Eliot Lear <lear@cisco.com>
Date: Sun, 28 Jul 2013 06:46:39 +0200
To: "William Chan (陈智昌)" <willchan@chromium.org>
CC: Zhong Yu <zhong.j.yu@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <51F4A22F.2090804@cisco.com>

On 7/23/13 7:34 PM, William Chan (陈智昌) wrote:
> FWIW, it seems reasonable to me to have the spec allow HTTPS 2.0
> without TLS extension. If you want to Upgrade, be my guest. I have no
> plans for my browser to support that, and I don't think Google servers
> will support it either, because we care strongly about the advantages
> of TLS-ALPN vs Upgrade.

Not only that, I don't think we can reasonably call this HTTP 2.0 if we
have no path to do it in the clear.

Received on Sunday, 28 July 2013 04:47:10 UTC