How about: HTTPS schemed URLs MUST be sent on an authenticated TLS channel. HTTP schemed URLs MAY be sent as unencrypted HTTP2 plaintext, or may be sent over a TLS channel. If a server does not wish to handle HTTP schemed URLs over a TLS channel, it MUST reject these requests with a RST_STREAM or GOAWAY with an error code that indicates that the server does not support HTTP schemed URLs on port 443. -=R On Tue, Nov 19, 2013 at 7:43 PM, James M Snell <jasnell@gmail.com> wrote: > On Tue, Nov 19, 2013 at 7:03 PM, Mark Nottingham <mnot@mnot.net> wrote: > >[snip] > > No one has yet proposed that we mandate implementing HTTP/2.0 *without* > TLS yet -- we'll cross that bridge if we come to it. Talking about > "subverting the standards process" is thus WAY too premature. > > > > Honestly, I'm close to this, but *only* over a new dedicated port. To > be clear, as an application developer building on top of HTTP/2, I > want to be able, should I so choose, to rely on the ability to use > plain text http/2 and do not want a handful of user-agent developers > to make that decision for me. That said, however, I recognize the > challenges with making plaintext HTTP/2 over port 80 a mandatory to > implement thing, therefore, mandatory to implement over a new > dedicated port would appear to be a reasonable compromise option. > > - James > >
Received on Wednesday, 20 November 2013 03:58:01 UTC