Re: Call for Adoption: Secondary Certificate Authentication in HTTP/2 from Cory Benfield on 2016-06-24 (ietf-http-wg@w3.org from April to June 2016)

From: Cory Benfield <cory@lukasa.co.uk>
Date: Fri, 24 Jun 2016 09:28:44 +0100
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <3B8E2C61-91A6-431B-9805-1AD01E0B550D@lukasa.co.uk>

> On 24 Jun 2016, at 01:41, Mark Nottingham <mnot@mnot.net> wrote:
> 
> <https://tools.ietf.org/html/draft-bishop-httpbis-http2-additional-certs>
> 
> We've discussed carrying certificates and related artefacts in HTTP for a long time. This draft from Mike and Martin is an evolution of several previous approaches.
> 
> Please state whether you support adoption, and ideally why. Expressions of interest in implementation would also be very helpful.

This draft seems like it does address several of the concerns that have been raised about certificates in HTTP/2.

My biggest concern with it is that this is a *massive* draft that appears to address several related but independent concerns at once. I’m not immediately sure that that’s the best approach with this: is there any value in breaking this draft up until multiple drafts, each of which addresses a single concern? At the very least we could have two: one for the AltSvc case of multiple origins on one connection, and one for the client certificate case.

Cory

Received on Friday, 24 June 2016 08:29:19 UTC