RE: Call for Adoption: Secondary Certificate Authentication in HTTP/2

That was actually the previous state -- in BA, the working group decided to merge them before the CfA, since they use the same frames in opposite directions.  I don't feel too strongly either way, though I tend to prefer the merged version simply because otherwise you spend the whole second draft defining how to use the same frames in a different way.

-----Original Message-----
From: Cory Benfield [] 
Sent: Friday, June 24, 2016 1:29 AM
To: Mark Nottingham <>
Cc: HTTP Working Group <>
Subject: Re: Call for Adoption: Secondary Certificate Authentication in HTTP/2

> On 24 Jun 2016, at 01:41, Mark Nottingham <> wrote:
> <>
> We've discussed carrying certificates and related artefacts in HTTP for a long time. This draft from Mike and Martin is an evolution of several previous approaches.
> Please state whether you support adoption, and ideally why. Expressions of interest in implementation would also be very helpful.

This draft seems like it does address several of the concerns that have been raised about certificates in HTTP/2.

My biggest concern with it is that this is a *massive* draft that appears to address several related but independent concerns at once. I’m not immediately sure that that’s the best approach with this: is there any value in breaking this draft up until multiple drafts, each of which addresses a single concern? At the very least we could have two: one for the AltSvc case of multiple origins on one connection, and one for the client certificate case.


Received on Friday, 24 June 2016 13:53:07 UTC