Re: comprehensive TLS is not the solution, it's a bug ... (was 2 questions)

On 31.03.2015 20:37, Maxthon Chan wrote:
> Seem relevant, so I am just throwing it out here:
> How about making TLS mandatory, and the URL scheme “http:” and “https:” only determines whether the certificate is checked or not?
what should be the benefit of this behaviour?
  please think of the user/client side, not the server side when 
answering this;
> Also since HTTP/1.1 have a protocol upgrade mechanism, how about using that as a stepstone of HTTP/2 (that is, all sessions is initiated as HTTP/1.1, and a HTTP/2-capable server tells the client it can start using HTTP/2 features in the resulting HTTP/1.1 header and further communications is HTTP/2)
this is the only way; and the client must be able to refuse this and go 
further with HTTP/1.1 ...; and a client that is not capable of using 
HTTP/2.0 will hopefully ignore this ...


Received on Tuesday, 31 March 2015 18:55:46 UTC