Re: Adoption call for draft-schwartz-httpbis-optimistic-upgrade from Ben Schwartz on 2024-01-25 (ietf-http-wg@w3.org from January to March 2024)

From: Ben Schwartz <bemasc@meta.com>
Date: Thu, 25 Jan 2024 15:59:46 +0000
To: Glenn Strauss <gs-lists-ietf-http-wg@gluelogic.com>, Tommy Pauly <tpauly@apple.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <SA1PR15MB437027C9D17BC5E27708ED4AB37A2@SA1PR15MB4370.namprd15.prod.outlook.com>

Hi Glenn,

I agree, the standardization status of "Upgrade: HTTP/2.0" seems to be ambiguous.  In this draft version, I attempted to address it for completeness without implying that it actually exists.  I'm happy to delete or rework that section as needed.

--Ben
________________________________
From: Glenn Strauss <gs-lists-ietf-http-wg@gluelogic.com>
Sent: Thursday, January 25, 2024 1:04 AM
To: Tommy Pauly <tpauly@apple.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Subject: Re: Adoption call for draft-schwartz-httpbis-optimistic-upgrade

!-------------------------------------------------------------------|
  This Message Is From an External Sender

|-------------------------------------------------------------------!

On Tue, Jan 23, 2024 at 09:41:39AM -0800, Tommy Pauly wrote:
> Hello HTTP,
>
> This email starts a working group adoption call for "Security Considerations for Optimistic Use of HTTP Upgrade”, draft-schwartz-httpbis-optimistic-upgrade. Notably, this updates RFC 9298 (connect-udp, which was produced by the MASQUE WG) on how to handle HTTP Upgrade, including to disallow optimistic data sending for HTTP/1.1.
>
> The document can be found here:
>
> https://datatracker.ietf.org/doc/draft-schwartz-httpbis-optimistic-upgrade/
> https://www.ietf.org/archive/id/draft-schwartz-httpbis-optimistic-upgrade-00.html
>
> This adoption call will last for 3 weeks, until Tuesday, February 13. Please reply to this email with your reviews and comments, and whether or not you think HTTPBIS should adopt this draft.

The draft section 5.1 "HTTP" mentions token "HTTP/2.0".

Is there a published RFC -- not an expired draft -- which describes
handling of Upgrade: HTTP/2.0?  Are there any known implementations
(client or server) which support HTTP/1.1 Upgrade: HTTP/2.0?

There is a now-obsoleted h2c token for HTTP/1.1 upgrade of clear-text
(non-encrypted) HTTP/1.1 via HTTP/1.1 Upgrade: h2c, but h2c is
different from Upgrade: HTTP/2.0

Thank you for pointers to Upgrade: HTTP/2.0 specifications, besides a
brief mention of 'e.g., "2.0"' in RFC 9110 Section 18.10
Upgrade Token Registration.

Cheers, Glenn

Received on Thursday, 25 January 2024 16:00:06 UTC