http/1 opportunistic encryption

Reading (again) https://httpwg.github.io/http-extensions/encryption.html, some questions:

* If configuring a old-school http/1 only server for this, the Alt-Svc announcement would be:
  Alt-Svc: http/1.1=":81"
   ?

* Ch. 5.1
  "When it appears in a HTTP response from a strongly authenticated alternative service..." 
  This means the certificate is valid for the alt-svc host that can be different from the
  host in the http:// url originally requested, right?
  Example:
  GET http://test.example.org/opportunistic
  -> Alt-Svc: h2="h2.example.biz:81"
  -> GET http://test.example.org/opportunistic via TLS+h2 connection to h2.example.biz:81
  "strongly authenticated" meaning connection presents valid cert for h2.example.biz, has acceptable cipher, etc.

* Given that the example above is correct, what protocol does h2.example.biz:81 need to implement?
  Will it be something like RFC 7540, but ignoring the special security requirements for TLS? Which parts would still apply to a server implementing this?

I am asking out of interest to implement this and easing configuration, at least giving advice, for people who want to have this working on their httpd installation. 

As for testing, are there clients/canaries already implementing this?

Thanks for the help.

//Stefan

<green/>bytes GmbH
Hafenweg 16, 48155 Münster, Germany
Phone: +49 251 2807760. Amtsgericht Münster: HRB5782

Received on Tuesday, 16 June 2015 08:32:45 UTC