- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Thu, 24 Jul 2014 11:33:41 -0700
- To: Erik Nygren <erik@nygren.org>
- Cc: Greg Wilkins <gregw@intalio.com>, Matthew Kerwin <matthew@kerwin.net.au>, Adrien de Croy <adrien@qbik.com>, Zhong Yu <zhong.j.yu@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 24 July 2014 11:21, Erik Nygren <erik@nygren.org> wrote: > I'd been under the assumption that http-scheme-over-TLS would only be > allowed over HTTP/2? I'll open that issue. We currently have no explicit restriction that prevents this. I don't think that we have any reason to say HTTP/2-only. I also don't think that we need a specific exclusion for HTTP/1.1, which is the other way we might cut this (so that we could retain the feature for some theorized HTTP/5, which may or may not be in active development for some major browser). That said, Mozilla doesn't plan to use oppsec for HTTP/1.1, at least in the short to medium term.
Received on Thursday, 24 July 2014 18:34:11 UTC