IIUC Patrick correctly, I think one threat model relates to connection
coalescing. Imagine two resources: a.example.com/index.html includes
b.example.com/foo.js and the properties of these resources (i.e. authority
and certs) satisfy the requirements for HTTP/2 connection reuse as
described in https://tools.ietf.org/html/rfc7540#section-9.1.1.
a.example.com and b.example.com are in different administrative domains but
requests for b.example.com/foo.js are able to obtain information about the
state of the connection including the effect of requests to a.example.com.
This could be used for fingerprinting or some other form of attack from one
domain to the other.
Lucas
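
Added example, not part of the original message: a Python sketch of the two connection-reuse conditions from RFC 7540 section 9.1.1 referred to above (same resolved IP, certificate valid for the second host), used to audit which hostnames a client could coalesce onto one connection. The inventory, the function names and the simplified wildcard matching are assumptions made for this illustration.

```python
from ipaddress import ip_address

def san_matches(hostname, san):
    """Match a hostname against one dNSName SAN (simplified: '*' covers exactly
    one leftmost label, and a bare '*.tld' is rejected)."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern

def may_coalesce(conn_ip, conn_sans, new_host, new_host_ips):
    """RFC 7540 9.1.1 conditions: new_host resolves to the IP of the existing
    connection, and that connection's certificate is valid for new_host."""
    same_ip = ip_address(conn_ip) in {ip_address(i) for i in new_host_ips}
    return same_ip and any(san_matches(new_host, s) for s in conn_sans)

def coalescing_pairs(inventory):
    """Return (first, second) pairs where a connection opened to `first`
    may also carry requests for `second`."""
    pairs = []
    for a, ia in inventory.items():
        for b, ib in inventory.items():
            if a != b and any(may_coalesce(ip, ia["sans"], b, ib["ips"]) for ip in ia["ips"]):
                pairs.append((a, b))
    return pairs

# Constructed inventory (hypothetical hosts, documentation IP ranges).
INVENTORY = {
    "a.example.com": {"ips": ["192.0.2.10"], "sans": ["a.example.com", "b.example.com"]},
    "b.example.com": {"ips": ["192.0.2.10"], "sans": ["a.example.com", "b.example.com"]},
    "c.example.com": {"ips": ["192.0.2.10"], "sans": ["c.example.com"]},    # same IP, own cert
    "d.example.com": {"ips": ["198.51.100.7"], "sans": ["*.example.com"]},  # wildcard, other IP
}

if __name__ == "__main__":
    for first, second in coalescing_pairs(INVENTORY):
        print(f"connection to {first} may be reused for {second}")
```

Pairs reported for hosts in different administrative domains are the ones exposed to the shared connection state described above; a server that does not want such a pair served over one connection can answer with 421 (Misdirected Request), per RFC 7540 section 9.1.2.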