- From: Ben Bucksch <notifications@github.com>
- Date: Thu, 09 Jun 2022 11:34:24 +0000 (UTC)
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 9 June 2022 11:34:37 UTC
The [comment you cite](https://github.com/whatwg/fetch/issues/966#issuecomment-554985629) does not mention security concerns. Are you saying that you want to explicitly support SSL-breaking man-in-the-middle boxen, and would like to remove a feature from HTTP, because such encryption-breaking boxes might not explicitly support it? Or am I misunderstanding you? The spec currently does allow HTTP/1.1. Now, PR #1444 is proposing to _explicitly forbid_ it. That's new. I do not see a good reason to forbid it and to stop others from implementing it. Instead, could you change the spec to more clearly state how you intend to support this feature with HTTP/2, allowing you to implement what you call "MVP", but could you leave the HTTP/1.1 part of the spec simply _as-is_, allowing others like Firefox or node.js to implement it for HTTP/1.1 as well? -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/1438#issuecomment-1151009511 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/issues/1438/1151009511@github.com>
Received on Thursday, 9 June 2022 11:34:37 UTC