W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Stricter TLS Usage in HTTP/2

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 4 Jun 2014 09:58:43 -0700
Message-ID: <CABkgnnWprrzVjhcqumOeUmCepTf3spGacnmuu-u0Q3esWRHJpQ@mail.gmail.com>
To: Cory Benfield <cory@lukasa.co.uk>
Cc: ChanWilliam(ι™ˆζ™Ίζ˜Œ) <willchan@chromium.org>, "Richard Wheeldon, (rwheeldo)" <rwheeldo@cisco.com>, Yoav Nir <ynir.ietf@gmail.com>, Patrick McManus <mcmanus@ducksong.com>, Adam Langley <agl@google.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Jun 4, 2014 9:47 AM, "Cory Benfield" <cory@lukasa.co.uk> wrote:
> Happy to mandate at least one of NPN and ALPN for both servers and
> clients. Servers _should_ support both but I see no reason to turn
> that into a must.

You have to have one of:
- support ALPN
- support NPN
- support both on client, either on server
- support either on client, both on server

Or you get the problem where peers support different mechanisms and
negotiation fails.

We have chosen the first option. The document didn't say MUST, but it is
still normative this regard.

We do recognize that - for a short while at least - NPN is more accessible
to some. So many people have enabled NPN to facilitate testing of other
parts of the protocol.
Received on Wednesday, 4 June 2014 16:59:10 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC