- From: James M Snell <jasnell@gmail.com>
- Date: Tue, 3 Dec 2013 10:57:41 -0800
- To: Paul Hoffman <paul.hoffman@gmail.com>
- Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Great to see this. I'm fairly tied up currently but definitely want to look at this in comparison to my intra-connection negotiation draft. Perhaps these can be brought together into a single proposal. I'll see about getting some feedback later this week. On Tue, Dec 3, 2013 at 7:24 AM, Paul Hoffman <paul.hoffman@gmail.com> wrote: > Greetings again. The WG's discussion of how to get authentication in HTTP/2 > for http: URLs has gone in two general directions: > > - Include HTTP/2 headers that will indicate an upgrade path that uses TLS > > - Do unauthenticated encryption within HTTP/2 > > I have just posted draft-hoffman-httpbis-minimal-unauth-enc-00 to help spur > ideas about the second option. It has some advantages and disadvantages when > compared to the first option, and hopefully this lets the WG get more > clarity as to which might be a more preferable mechanism to work on. (There > is still another option, to define HTTP/2 only for https: URLs, but that is > an orthogonal discussion.) > > --Paul Hoffman
Received on Tuesday, 3 December 2013 18:58:28 UTC