Re: Proposal for doing unauthenticated encryption inside of HTTP/2

Great to see this. I'm fairly tied up currently but definitely want to
look at this in comparison to my intra-connection negotiation draft.
Perhaps these can be brought together into a single proposal. I'll see
about getting some feedback later this week.

On Tue, Dec 3, 2013 at 7:24 AM, Paul Hoffman <> wrote:
> Greetings again. The WG's discussion of how to get authentication in HTTP/2
> for http: URLs has gone in two general directions:
>   - Include HTTP/2 headers that will indicate an upgrade path that uses TLS
>   - Do unauthenticated encryption within HTTP/2
> I have just posted draft-hoffman-httpbis-minimal-unauth-enc-00 to help spur
> ideas about the second option. It has some advantages and disadvantages when
> compared to the first option, and hopefully this lets the WG get more
> clarity as to which might be a more preferable mechanism to work on. (There
> is still another option, to define HTTP/2 only for https: URLs, but that is
> an orthogonal discussion.)
> --Paul Hoffman

Received on Tuesday, 3 December 2013 18:58:28 UTC