W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: something I don't get about the current plan...

From: Roland Zink <roland@zinks.de>
Date: Sun, 17 Nov 2013 18:56:37 +0100
Message-ID: <52890355.8050509@zinks.de>
To: ietf-http-wg@w3.org
I think the argument is that when HTTP2 is deployed by X then X can use 
a proper cert and it will work regardless of the middleware. When 
depending on things being changed in the middle then a HTTP/2 solution 
can't be deployed reliable.

I think

1) this promise will not hold in future and probably is not even true now.
2) Without all clients being HTTP/2 it will be necessary to offer HTTP/2 
and HTTP/1 simultaneously anyway, so is it really a big advantage to 
have the HTTP/2 part be more reliable?
3) If HTTP/2 is a success then bugs in the middleware will be fixed fast
4) Personally I'm pessimistic about the certs, even remembering about 
the expiry date doesn't work for me.
5) Using a separate port would help to separate HTTP/1 and HTTP/2 
infrastructures and will make the solution more reliable

Regards,
Roland


On 17.11.2013 18:10, Julian Reschke wrote:
> On 2013-11-17 17:53, Mike Belshe wrote:
>> OK - I see.
>>
>> I think you're mixing current stats (only 30% of sites today have certs
>> - seems high?) with incompatibilities - 100% of sites can get certs
>> today if they want them.  So HTTP/2 requiring certs would not be
>> introducing any technical incompatibility (like running on port 100 
>> would).
>>
>> Mike
>
> So we are optimistic that servers can be fixed to use proper certs, 
> but pessimistic that bugs in middleware will be fixed?
>
> Best regards, Julian
>
>
Received on Sunday, 17 November 2013 17:57:00 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:38 UTC