On Tue 2015-06-09 13:43:59 -0400, Roy T. Fielding wrote:
> WRT renegotiation, it is fair to say that the WG punted on the idea
> due to lack of time. If someone figures out a way to safely
> renegotiate an h2 connection (and all of its streams), then go ahead
> and implement it, describe it in an I-D, and submit it to the httpbis
> WG. There is nothing wrong with Apache leading by example.
As a heads-up: in the TLS WG, we are strongly considering banning
renegotiation altogether in TLS 1.3. We are working on an alternate
mechanism for clients that need to re-authenticate after having
requested a a resource over an unauthenticated channel, but it will
probably not be a full TLS renegotiation.
--dkg
