Proposal for doing unauthenticated encryption inside of HTTP/2 from Paul Hoffman on 2013-12-03 (ietf-http-wg@w3.org from October to December 2013)

From: Paul Hoffman <paul.hoffman@gmail.com>
Date: Tue, 3 Dec 2013 07:24:44 -0800
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <CAPik8yaOc7fKa4udSy1HFGAEYvWewAotDp419N2eEkjnu6dD5w@mail.gmail.com>

Greetings again. The WG's discussion of how to get authentication in HTTP/2
for http: URLs has gone in two general directions:

  - Include HTTP/2 headers that will indicate an upgrade path that uses TLS

  - Do unauthenticated encryption within HTTP/2

I have just posted draft-hoffman-httpbis-minimal-unauth-enc-00 to help spur
ideas about the second option. It has some advantages and disadvantages
when compared to the first option, and hopefully this lets the WG get more
clarity as to which might be a more preferable mechanism to work on. (There
is still another option, to define HTTP/2 only for https: URLs, but that is
an orthogonal discussion.)

--Paul Hoffman

Received on Tuesday, 3 December 2013 15:25:16 UTC