- From: Stefan Eissing <stefan.eissing@greenbytes.de>
- Date: Wed, 17 Jun 2015 10:20:31 +0200
- To: Mark Nottingham <mnot@mnot.net>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
> Am 17.06.2015 um 05:15 schrieb Mark Nottingham <mnot@mnot.net>: > >> >> On 16 Jun 2015, at 6:32 pm, Stefan Eissing <stefan.eissing@greenbytes.de> wrote: >> >> Reading (again) https://httpwg.github.io/http-extensions/encryption.html, some questions: >> >> * If configuring a old-school http/1 only server for this, the Alt-Svc announcement would be: >> Alt-Svc: http/1.1=":81" >> ? > > See <https://httpwg.github.io/http-extensions/encryption.html#confusion-regarding-request-scheme>; "HTTP/1.1 MUST NOT be used for opportunistically secured requests." Thanks for pointing me there. What is the scenario exactly that clients, knowledgeable of Alt-Svc, will confuse htttp: and https: URIs? With an Alt-Svc sitting at the endpoint of a TLS connection, no middle box confusion is involved. I would also assume that a server announcing such a service knows what it's doing (for example using a special port for this service). So, 6.4 does not explain to me (and maybe other readers) what the MUST NOT is about. What did I miss? <green/>bytes GmbH Hafenweg 16, 48155 Münster, Germany Phone: +49 251 2807760. Amtsgericht Münster: HRB5782
Received on Wednesday, 17 June 2015 08:20:58 UTC