Re: Comments about draft-ietf-httpbis-http2-16 : Connection reuse

On 2 January 2015 at 10:10, Aeris <> wrote:
> List *all* those validity checks is impossible, because depends of tons of
> parameters, RFCed or not, built-in or not, custom or not. This is not just a
> case of X.509, TLSA or PKP.

Ultimately, clients will determine what requirements need to be met in
order to consider an origin authenticated.  There are RFCs to guide
that process, and those aim to establish a baseline (2818 or 6125 +
5280 perhaps being that baseline) but the choice of which RFCs ensures
that there are - as you say - a virtually infinite number of choices.

That is why the draft states that the server needs to be considered
authoritative, and then relies on the definition of that from RFC

The HTTP/2 draft simply states the conditions under which connections
can be reused.  This is different from HTTP/1.1, which is probably the
source of your angst.

Of course, we have also defined several ways to avoid this happening
if that doesn't suit you.  The 421 status code.  The HTTP_1_1_REQUIRED
error code.

Received on Friday, 2 January 2015 18:31:44 UTC