Re: HTTP/1.1 Request Smuggling Defense using Cryptographic Message Binding (new draft)

Erik,

> On Oct 22, 2025, at 6:12 PM, Erik Nygren <nygren@gmail.com> wrote:
> ...
> Here is a much more opinionated position on this: https://http1mustdie.com/
> but I don't think it captures the reality that http1 isn't going to die anytime soon,
> even if we publish an http1-considered-harmful draft.

IMHO this is more of an argument that HTTP/1.x *proxies* must die.

Direct connections to local HTTP/1.1 services (like the billions of printers, cameras, and other IoT widgets out there that aren't going away anytime soon...) should not be vulnerable to this sort of attack.

________________________
Michael Sweet

Received on Thursday, 23 October 2025 14:03:36 UTC