Re: Adoption call for draft-schwartz-httpbis-optimistic-upgrade

On Thu, Jan 25, 2024 at 01:04:27AM -0500, Glenn Strauss wrote:
> On Tue, Jan 23, 2024 at 09:41:39AM -0800, Tommy Pauly wrote:
> > Hello HTTP,
> > 
> > This email starts a working group adoption call for "Security Considerations for Optimistic Use of HTTP Upgrade", draft-schwartz-httpbis-optimistic-upgrade. Notably, this updates RFC 9298 (connect-udp, which was produced by the MASQUE WG) on how to handle HTTP Upgrade, including to disallow optimistic data sending for HTTP/1.1.
> > 
> > The document can be found here:
> > 
> > https://datatracker.ietf.org/doc/draft-schwartz-httpbis-optimistic-upgrade/
> > https://www.ietf.org/archive/id/draft-schwartz-httpbis-optimistic-upgrade-00.html
> > 
> > This adoption call will last for 3 weeks, until Tuesday, February 13. Please reply to this email with your reviews and comments, and whether or not you think HTTPBIS should adopt this draft.
> 
> The draft section 5.1 "HTTP" mentions token "HTTP/2.0".
> 
> Is there a published RFC -- not an expired draft -- which describes
> handling of Upgrade: HTTP/2.0?

No, we proposed that 11 years ago here:

  https://datatracker.ietf.org/doc/html/draft-montenegro-httpbis-http2-negotiation

Finally it was turned to "h2c" in RFC7540:

  https://www.rfc-editor.org/rfc/rfc7540#section-3.2

And dropped from RFC9113 as not implemented or not relevant enough:

  https://www.rfc-editor.org/rfc/rfc9113.html#versioning

> Are there any known implementations
> (client or server) which support HTTP/1.1 Upgrade: HTTP/2.0?

There might be some agents supporting the now deprecated Upgrade
mechanism, but if so they should support it with the "h2c" token,
not "HTTP/2.0" which was only a draft proposal which expired 2
years before H2 was finally published. Hence it should be safe
enough to assume that no implementation supports this.

Regards,
Willy

Received on Saturday, 27 January 2024 07:09:15 UTC