- From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
- Date: Mon, 22 Sep 2014 23:09:00 +0300
- To: Mike Bishop <Michael.Bishop@microsoft.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Mon, Sep 22, 2014 at 07:24:48PM +0000, Mike Bishop wrote: > Some apps we support depend on the ability to emit raw HTTP protocol > text. Are there any HTTP/1.1 messages that can't be gatewayed into HTTP/2? I know earlier there were some, but I thought those problems have been fixed. > Others require client certs as a matter of local law and we don't > have a way to retrieve the client cert without renegotiation. Renegotiation is dangerous in multiplexed protocols. And even more dangerous with typical usage of HTTP. I thought there was proposal for httpauth and TLS extensions to tackle usage of client certificates in HTTP/2? What's the status of those? Also, I think those extensions, along with some other stuff could be useful in order to implement usable client certificate authentication (right now, CC is infamous for terrible UX). -Ilari
Received on Monday, 22 September 2014 20:09:27 UTC