W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2015

Re: comprehensive TLS is not the solution, it's a bug ... (was 2 questions)

From: Walter H. <Walter.H@mathemainzel.info>
Date: Tue, 31 Mar 2015 20:55:20 +0200
Message-ID: <551AED98.7070601@mathemainzel.info>
To: Maxthon Chan <xcvista@me.com>
CC: ietf-http-wg@w3.org
On 31.03.2015 20:37, Maxthon Chan wrote:
> Seem relevant, so I am just throwing it out here:
>
> How about making TLS mandatory, and the URL scheme “http:” and “https:” only determines whether the certificate is checked or not?
what should be the benefit of this behaviour?
  please think of the user/client side, not the server side when 
answering this;
> Also since HTTP/1.1 have a protocol upgrade mechanism, how about using that as a stepstone of HTTP/2 (that is, all sessions is initiated as HTTP/1.1, and a HTTP/2-capable server tells the client it can start using HTTP/2 features in the resulting HTTP/1.1 header and further communications is HTTP/2)
this is the only way; and the client must be able to refuse this and go 
further with HTTP/1.1 ...; and a client that is not capable of using 
HTTP/2.0 will hopefully ignore this ...

Greetings,
Walter


Received on Tuesday, 31 March 2015 18:55:46 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:43 UTC