- From: Martin Thomson <mt@lowentropy.net>
- Date: Tue, 08 Sep 2020 10:23:27 +1000
- To: ietf-http-wg@w3.org
Thanks, that's a helpful list. If you feel like adding anything, I'm keeping a list here: https://github.com/martinthomson/http2-spec/issues On Tue, Sep 8, 2020, at 09:41, Ian Swett wrote: > I'd support: > > 1) Removing h2c! > 2) Removing priorities entirely, but not adding anything new > 3) Adding TLS 1.3 > 4) Adding GREASE, or at least clarifying the text to make it clear that > greasing is allowed, since there was some confusion on that. > 5) Adding security considerations/etc for the Netflix/Purple Wolf > attack vectors. > > Hopefully, not much else, besides errata. > > Is the intent to change the ALPN? Because given the challenges > GREASEing SETTINGS and various extension frames, I think that could be > helpful. +Bence Béky I think that none of the above require anything that drastic. What I would instead suggest is that the specification identify where there are challenges. That is, it would mention that priorities exist, but explain that using them was not interoperable. It probably needs to include the format of the frames in order to ensure that implementations know when to generate errors or not in relation to them (there are some MUST-level requirements that the unwitting might trip otherwise), but the semantic descriptions can be cut.
Received on Tuesday, 8 September 2020 00:24:06 UTC