- From: Eric J Bowman <mellowmutt@zoho.com>
- Date: Fri, 31 Jul 2020 16:47:10 -0700
- To: "Ietf Http Wg" <ietf-http-wg@w3.org>
- Message-Id: <173a745b6b7.e84f51cd55203.5714415482168204840@zoho.com>
Please refer me to previous discussions about why h2 and h2c, but no h1, h1c, or h3. I'm coding a webserver from scratch, with the goal of serving an index.html file and its ancillaries, over any of HTTP/1.1, HTTP/2, HTTP/3, FTP, WAKA (if Roy ever publishes it), or "ERIC" because I have my own ideas. Encrypted or not (I realize "not" isn't an option with HTTP/3). So the main loop is protocol-negotiation hell worse than any conneg/langneg I've ever coded. If I'm hosting multiple websites on my service, I might want to default to h2, at this time. But if one of those client websites is a law firm, they don't care about serving legal definitions over "h1c" to incarcerated clients, who aren't allowed to use encryption unless it's attorney-client privileged communication. So, how does a gateway at the prison wall connect using h2 but request "Downgrade: h1c"? Or maybe there could be a "Protocol" header with a weighted list (lol). (Taking a presentation I watched on YouTube by PHK, to heart -- some sovereign states disallow encryption, and heck, America's own FBI wants to kill it. But I agree it's important to be able to downgrade to cleartext.) Or, why can't an h2c connection request Upgrade: h3? Coding my webserver to shift those gears, turns out to be trivial, all things considered at this point. So, why are only h2/h2c standardized as Upgrade tokens? -Eric
Received on Friday, 31 July 2020 23:47:27 UTC