TLS extension needed for HTTP/2.0
Matthew Hall
mhall at mhcomputing.net
Tue Jul 23 22:50:16 UTC 2013
On Tue, Jul 23, 2013 at 05:41:52PM -0500, Zhong Yu wrote:
> Note that HTTP/2.0 is in very early stage; it's possible that the
> requirement of ALPN could be relaxed if there's difficulty to
> implement it on popular platforms; see this thread:
> http://lists.w3.org/Archives/Public/ietf-http-wg/2013JulSep/0425.html
I'm not sure putting ALPN in there is the best idea, if you want this to work
right on millions of already deployed but un-upgradeable mobile devices around
the world.
I think maybe it makes more sense to have an HTTP/2.0 string like what's seen
with HTTP/1.0 and HTTP/1.1 or some other such mechanism that doesn't cause
contamination between the layers of the protocol stack.
Matthew.
More information about the security-dev
mailing list