Re: http://tools.ietf.org/html/draft-nottingham-httpbis-alt-svc as a normative reference in http/2 from 陈智昌 on 2014-03-19 (ietf-http-wg@w3.org from January to March 2014)

From: 陈智昌 <willchan@chromium.org>
Date: Wed, 19 Mar 2014 14:05:42 -0700
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAA4WUYg0vBnRtrW1b8zZO4QB8wBSLHWFmid9wO-BqBQwv7WFsw@mail.gmail.com>

On Wed, Mar 19, 2014 at 1:46 PM, Julian Reschke <julian.reschke@gmx.de>wrote:

> On 2014-03-19 21:23, William Chan (陈智昌) wrote:
>
>> ...
>>
>> I agree that we don't need to make a normative dependency on a header
>> field definition. My interest in removing this as a normative dependency
>> is because many people are confused about the HTTP/2 spec explicitly
>> defining how to do TLS for http:// URIs. Yet, my feeling is that
>> some/many/dunno of us don't want to block the HTTP/2 spec on this, and
>> want to decouple that. Therefore, I think we should discuss explicitly
>> decoupling that from what we're depending on in HTTP/2.
>> ...
>>
>
> Again, the header field can be used by a server to indicate an alternative
> service. There is (or shouldn't be) any requirement to honor it.
>
> Would you feel better if the header field would be in yet another spec?
>

Sorry, I guess I wasn't explicit enough. Yes. I'd feel better if it were in
a spec that weren't listed as a normative reference from within HTTP/2. I
suspect this is the reason that people are confused about whether or not
HTTP/2 supports opportunistic encryption. That and Mark's blogpost [1]
which says: "Based on Patrick’s implementation experience as well as the
impetus of the STRINT discussion, HTTPbis agreed in London to incorporate —
but not require support for — opportunistic encryption in HTTP/2, based
upon the Alternate Services approach." I don't remember any consensus for
this, and therefore, I wanted to explicitly discuss this on the mailing
list to clarify. Because, as Mark also notes in the same blogpost, we
discussed it very extensively and inconclusively in Zurich. And when Pat
raise it up as a topic of discussion in London, I recall Mark explicitly
tabling the topic in order to move on. So I don't want us to accidentally
rewrite consensus here. If we're going to explicitly make HTTP/2
incorporate opportunistic encryption, let's explicitly agree to do so. Not
just accidentally because it's part of a document that's normatively
referenced.

[1] - http://www.mnot.net/blog/2014/03/17/trying_out_tls_for_http_urls

>
> Best regards, Julian
>

Received on Wednesday, 19 March 2014 21:06:09 UTC