Re: http/1 opportunistic encryption

> Am 17.06.2015 um 05:15 schrieb Mark Nottingham <>:
>> On 16 Jun 2015, at 6:32 pm, Stefan Eissing <> wrote:
>> Reading (again), some questions:
>> * If configuring a old-school http/1 only server for this, the Alt-Svc announcement would be:
>> Alt-Svc: http/1.1=":81"
>>  ?
> See <>; "HTTP/1.1 MUST NOT be used for opportunistically secured requests."

Thanks for pointing me there. 

What is the scenario exactly that clients, knowledgeable of Alt-Svc, will confuse htttp: and https: URIs? With an Alt-Svc sitting at the endpoint of a TLS connection, no middle box confusion is involved. I would also assume that a server announcing such a service knows what it's doing (for example using a special port for this service). So, 6.4 does not explain to me (and maybe other readers) what the MUST NOT is about.

What did I miss?

<green/>bytes GmbH
Hafenweg 16, 48155 Münster, Germany
Phone: +49 251 2807760. Amtsgericht Münster: HRB5782

Received on Wednesday, 17 June 2015 08:20:58 UTC