- From: Adrien de Croy <adrien@qbik.com>
- Date: Sun, 17 Nov 2013 20:59:36 +0000
- To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
- Message-Id: <emc7779d5e-82dd-4e96-bf7f-5ed83e4ac826@bodybag>
Hi all,

There has been talk in the past about http message routers that forward messages relating to multiple concurrent streams over the same underlying protocol stream.

I'm a big fan of this idea, but I think requiring http2 to be over TLS would effectively prohibit this.

If the TLS is being used to establish credentials between client and server, and is connection-associated, then it holds the same set of badness that everyone holds against NTLM.

This means that TLS is being applied at the wrong level.

I think we should look into using TLS at the stream level, rather than transport.

This would allow a single TCP connection to contain multiple streams where each stream can be between different final endpoints, with different TLS layers, and include unencrypted streams as well.

Where it is desired to minimise TLS setup overhead, where all streams on a connection will use the same TLS context, then allow for that in the protocol as well.

That would then allow point-to-point links to use TLS to secure messages that may themselves be secured with TLS at the stream level or not.

Adrien
Received on Sunday, 17 November 2013 20:59:26 UTC
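The objection above (a credential bound to the whole connection is inherited by every stream a router multiplexes onto it) can be made concrete with a small model. The following is an added illustration, not the poster's code and not any real HTTP/2 or TLS implementation: it assumes a hypothetical router that forwards streams for several downstream clients over one upstream connection, and compares connection-bound attribution with stream-bound attribution.

```python
"""Toy model of an HTTP message router multiplexing several clients' streams
onto one upstream connection. Constructed illustration only; the Stream and
UpstreamConnection types and the attribution functions are assumptions."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Stream:
    stream_id: int
    client: str                       # downstream client the router forwards for
    credential: Optional[str] = None  # identity proven on this stream, if any


@dataclass
class UpstreamConnection:
    principal: Optional[str] = None   # identity bound to the whole connection
    streams: List[Stream] = field(default_factory=list)


def attribute_connection_bound(conn: UpstreamConnection) -> Dict[int, Optional[str]]:
    """Connection-associated credentials (the NTLM pattern, or client auth done
    by transport-level TLS): the first stream that proves an identity binds it
    to the connection, and every later stream on the connection inherits it."""
    attributed: Dict[int, Optional[str]] = {}
    for s in conn.streams:
        if conn.principal is None and s.credential is not None:
            conn.principal = s.credential
        attributed[s.stream_id] = conn.principal
    return attributed


def attribute_stream_bound(conn: UpstreamConnection) -> Dict[int, Optional[str]]:
    """Stream-level credentials: each stream carries its own security context,
    so identity cannot leak between clients the router has multiplexed."""
    return {s.stream_id: s.credential for s in conn.streams}


def multiplexed_scenario() -> UpstreamConnection:
    # Constructed traffic: alice authenticates on streams 1 and 5; bob, a
    # different downstream client, presents no credential on stream 3.
    return UpstreamConnection(streams=[
        Stream(1, client="alice", credential="alice"),
        Stream(3, client="bob"),
        Stream(5, client="alice", credential="alice"),
    ])


def misattributed_streams(
    model: Callable[[UpstreamConnection], Dict[int, Optional[str]]]
) -> List[int]:
    """Stream ids the upstream server would attribute to an identity other than
    the client the router is actually forwarding for (unauthenticated is fine)."""
    conn = multiplexed_scenario()
    attributed = model(conn)
    return [s.stream_id for s in conn.streams
            if attributed[s.stream_id] not in (None, s.client)]


if __name__ == "__main__":
    print("connection-bound:", misattributed_streams(attribute_connection_bound))  # [3]
    print("stream-bound:    ", misattributed_streams(attribute_stream_bound))      # []
```

Under connection-bound attribution, bob's stream 3 is silently treated as alice's because alice authenticated first on the same connection; under stream-bound attribution it is simply unauthenticated, which is the behaviour a router needs if it is to carry streams from different clients to different final endpoints.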