Re: Comments about draft-ietf-httpbis-http2-16 : Connection reuse from Aeris on 2015-01-02 (ietf-http-wg@w3.org from January to March 2015)

From: Aeris <aeris@imirhil.fr>
Date: Fri, 02 Jan 2015 20:06:21 +0100
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Ryan Hamilton <rch@google.com>, Ilari Liusvaara <ilari.liusvaara@elisanet.fi>, Patrick McManus <pmcmanus@mozilla.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <1888796.YASrudrumL@home>

> Of course, we have also defined several ways to avoid this happening
> if that doesn't suit you.  The 421 status code.  The HTTP_1_1_REQUIRED
> error code.

Yep. Or you can disable all HTTP/2 too.
Cases I mention can’t be detected application-side or with very difficulty 
server-side. Simpler/more secure to disable all the HT2 stack.

But HTTP/2 is good for speed and the difference is very noticable.
Too bad the overall security will be such there is no way to use it on a post-
snowden era and/or with critical content…

-- 
Aeris

Protégez votre vie privée, chiffrez vos communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/

Received on Friday, 2 January 2015 19:06:52 UTC