Yann, I am with you and feel at least unease about this mixing.

But the RFC has been approved and browsers will adhere to it. So if we do not 
enforce some policies in the server, connections will fail for mysterious 
reasons. And tickets will be raised...


> Am 09.06.2015 um 12:06 schrieb Yann Ylavic <ylavic....@gmail.com>:
> 
> On Tue, Jun 9, 2015 at 11:21 AM, Stefan Eissing
> <stefan.eiss...@greenbytes.de> wrote:
>> 
>> Also from RFC 7540, 9.2.1
>> "A deployment of HTTP/2 over TLS 1.2 MUST disable renegotiation.“
>> 
>> (Once the h2 session is established, renegotiation may appear before that.)
>> 
>> This is all a result of the „securing the web“ thinking where now HTTP and 
>> TLS requirements get interwoven and layers are mixed.
> 
> <sarcasm>
> Security by mixing layers, how ironic!
> Surely HTTP/2 will secure those who want to share private and valuable
> informations (secretly), as to the web...
> It could have been that, though.
> </sarcasm>
> 
> PS: nothing personal Stefan, just about the new protocol I'm trying to 
> digest...

<green/>bytes GmbH
Hafenweg 16, 48155 Münster, Germany
Phone: +49 251 2807760. Amtsgericht Münster: HRB5782



Reply via email to