RE: Feedback on Fallback

From: Mike Bishop <Michael.Bishop@microsoft.com>
Date: Mon, 22 Sep 2014 22:41:13 +0000
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <079b4c2799c14adabbd41d5a7f7b76aa@BL2PR03MB132.namprd03.prod.outlook.com>

That specific instance is a question of how tortured a code-path we want to invest in a deprecated feature -- it would entail creating a raw HTTP/1.1 response parser inside an HTTP server, which is... less than ideal.  For client certs, likewise, I agree that there's a lot that TLS *could* do to improve the way it's handled -- but those things don't yet exist, and there needs to be a transition story until they do.

More generally, this error code provides an escape valve and eases gradual deployment of HTTP/2.  A client that supports common cases over HTTP/2 but has some corner cases not-yet-implemented always has the option to choose what protocol it uses to make a given request.  The server can't know whether it's in the corner case until it sees the client request, and doesn't have the same freedom to choose -- unless the protocol provides it.

-----Original Message-----
From: Ilari Liusvaara [mailto:ilari.liusvaara@elisanet.fi] 
Sent: Monday, September 22, 2014 1:09 PM
To: Mike Bishop
Cc: HTTP Working Group
Subject: Re: Feedback on Fallback

On Mon, Sep 22, 2014 at 07:24:48PM +0000, Mike Bishop wrote:

> Some apps we support depend on the ability to emit raw HTTP protocol 
> text.

Are there any HTTP/1.1 messages that can't be gatewayed into HTTP/2?

I know earlier there were some, but I thought those problems have been fixed.

> Others require client certs as a matter of local law and we don't have 
> a way to retrieve the client cert without renegotiation.

Renegotiation is dangerous in multiplexed protocols. And even more dangerous with typical usage of HTTP.

I thought there was a proposal for httpauth and TLS extensions to tackle usage of client certificates in HTTP/2? What's the status of those?

Also, I think those extensions, along with some other stuff, could be useful in order to implement usable client certificate authentication (right now, CC is infamous for terrible UX).


-Ilari
Received on Monday, 22 September 2014 22:41:41 UTC
