Re: impact of 9.2.2 changes and discussions on opportunistic encryption draft

On 30 October 2014 15:36, Erik Nygren <erik@nygren.org> wrote:
> In light of the discussion around 9.2.2, are there changes we want to
> consider making to draft-ietf-httpbis-http2-encryption that could improve
> interoperability when it is used?  Should that draft strongly encourage
> using TLS with DHE/ECDHE key exchange for (P)FS, or does that dive too
> deeply into the same problems with 9.2.2?

We can tighten up the requirements, certainly.

> One thought that I had was that we may want the localhost Alt-Svc to
> indicate when the server does not plan to offer valid authentication.

This was a feature that was included in early versions, in a slightly
different form.  And I have argued against it.  I don't see any value
in this.  You either expect to authenticate, or not.  The way that the
current draft addresses this is to have the new connection promise to
provide authentication.  I'd rather not have two mechanisms for the
same thing.

Received on Thursday, 30 October 2014 23:40:31 UTC