Re: Call for Proposals re: #314 HTTP2 and http:// URIs on the "open" internet

I'm suggesting that IF a site supports HTTP/2 over TLS (generally over
:443, but that isn't required as we know, e.g. https://foo.com:1234/bar):
It MUST accept HTTPS schemed URLS.
It MAY accept HTTP schemed URLS

And:
If a site does accept HTTP schemed URLS, it MUST NOT reject them with a
status code indicating that the client shouldn't retry HTTP schemed URLs
over TLS.
If a site does NOT accept HTTP schemed URLS, it MUST reject them with a
status code indicating that the client shouldn't retry HTTP schemed URLs
over TLS.

This requires nothing new, makes nothing uncompliant.
-=R



On Tue, Nov 19, 2013 at 10:06 PM, Eliot Lear <lear@cisco.com> wrote:

>  Roberto,
>
>
> On 11/20/13 4:57 AM, Roberto Peon wrote:
>
>  How about:
> HTTPS schemed URLs MUST be sent on an authenticated TLS channel.
> HTTP schemed URLs MAY be sent as unencrypted HTTP2 plaintext, or may be
> sent over a TLS channel.
>
>
> s/TLS channel/via TLS atop the same port/
>
>
> ?
>
>
>  If a server does not wish to handle HTTP schemed URLs over a TLS
> channel, it MUST reject these requests with a RST_STREAM or GOAWAY with an
> error code that indicates that the server does not support HTTP schemed
> URLs on port 443.
> -=R
>
> I'm a little concerned about backward compatibility with this approach.
> There do exist many web sites that offer different content today on the two
> ports.  Are you suggesting that they would become non-compliant?
>
> Eliot
>

Received on Wednesday, 20 November 2013 06:20:07 UTC