W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: HTTP/2.0 draft, NPN/ALPN, and TLS

From: Michael Sweet <msweet@apple.com>
Date: Mon, 09 Dec 2013 13:33:45 -0500
Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-id: <5E08067D-9EEE-49B9-9418-64D3C6B48DE3@apple.com>
To: Chris Burdess <dog@gnu.org>

On Dec 9, 2013, at 1:19 PM, Chris Burdess <dog@gnu.org> wrote:
> ...
> Obviously that isn't going to happen overnight, however it may well
> happen before there is widespread deployed support for the current
> NPN/ALPN proposal. In the meantime we want a confidentialy solution that
> works. I propose that there be a standard STARTTLS-like HTTP Upgrade
> mechanism that can convert the plaintext HTTP connection (on port 80)
> not only to HTTP/2.0 but also start TLS.

RFC 2817 defines how to upgrade a plaintext HTTP connection to TLS. Conceptually it could be combined with the plaintext HTTP/2.0 upgrade defined in the current draft - we'd just need to define the order of things when multiple upgrades are specified (i.e. TLS first, then the HTTP/2.0 startup sequence...)

Michael Sweet, Senior Printing System Engineer, PWG Chair
Received on Monday, 9 December 2013 18:34:17 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:21 UTC