- From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
- Date: Thu, 12 Dec 2013 09:53:26 +0200
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Paul Hoffman <paul.hoffman@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Thu, Dec 12, 2013 at 03:52:22PM +1100, Mark Nottingham wrote: (The difference between h2t and h2r) > Yep, that's been discussed a few times, it's an open question. > > One possible use is that the server may want/need to know whether or > not the client is validating the cert; e.g., a bank. Or client knowing if server supports HTTP-over-HTTPS (sending HTTP requests over HTTP/TLS)? Or does h2t or HTTP/2.0 already imply it? I have seen at least one HTTP/1.1 server that fails in dangerous way[1] (and knowing it is apache probably means there are a lot more of those) if one tries using HTTP-over-HTTPS. Also, internally using HTTPS on HTTPS could cause some (bady written) things to fail as client and server could then disagree about the protocol. [1] Essentially, returning wrong data without error. -Ilari
Received on Thursday, 12 December 2013 07:53:51 UTC