- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Thu, 30 Oct 2014 16:40:03 -0700
- To: Erik Nygren <erik@nygren.org>
- Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
On 30 October 2014 15:36, Erik Nygren <erik@nygren.org> wrote: > In light of the discussion around 9.2.2, are there changes we want to > consider > making to draft-ietf-httpbis-http2-encryption that could improve > interoperability > when it is used? Should that draft strongly encourage using TLS with > DHE/ECDHE key exchange for (P)FS, or does that dive too deeply into > the same problems with 9.2.2? We can tighten up the requirements, certainly. > One thought that I had was that we may want the localhost Alt-Svc to > indicate > when the server does not plan to offer valid authentication. This was a feature that was included in early versions, in a slightly different form. And I have argued against it. I don't see any value in this. You either expect to authenticate, or not. The way that the current draft addresses this is to have the new connection promise to provide authentication. I'd rather not have two mechanisms for the same thing.
Received on Thursday, 30 October 2014 23:40:31 UTC