- From: Stuart Douglas <stuart.w.douglas@gmail.com>
- Date: Fri, 19 Sep 2014 10:57:21 +1000
- To: "Roy T. Fielding" <fielding@gbiv.com>
- CC: Greg Wilkins <gregw@intalio.com>, HTTP Working Group <ietf-http-wg@w3.org>
I also think that this should not be in the HTTP2 spec, and looking the WG's HTTP2 charter I think that is explicitly listed as being out of scope: Explicitly out-of-scope items include: * Specifying the use of alternate transport-layer protocols. Note that it is expected that the Working Group will work with the TLS working group to define how the protocol is used with the TLS Protocol; any revisions to RFC 2818 will be done in the TLS working group. Stuart Roy T. Fielding wrote: > I still don't believe that any of these requirements belong in h2, > and I won't implement them even if they end up in the RFC. It is > not the HTTP server's responsibility to second-guess the configuration > regarding the security properties of the underlying connections. > We have no idea what hardware or gateways might be doing to secure those > connections. We don't even know what TLS library is being used, > since all we see is an API into someone else's code. > > TLS requirements belong in the TLS code. > > ....Roy > >
Received on Friday, 19 September 2014 00:57:56 UTC