On Feb 26, 2012, at 2:44 AM, Mark Nottingham wrote:
I proposed a plan that I think might allow us to make progress
on that. I believe we could.
Could you please explain why you think tying this effort to HTTP/2.0 is
necessary to achieve that? To me that's the critical bit, and I still haven't
seen the reasoning (perhaps I missed it).
I think I have *an* answer to this, though probably not *the* answer.
There's two stages to adoption - implementation and roll-out. Obviously you
can't roll out "new authentication" before the browsers and servers implement
it. For my website, I wouldn't roll out new auth if only one or two of the
browsers out there implemented it. Even if all the big ones (IE, Firefox,
Chrome, Opera) did, I would still have to provide a backwards compatibility
authentication scheme to support older browsers. This would lead to both
makes the roll-out slower.
If any HTTP/2.0 browser is bound to have "new authentication" it makes things
This could be circumvented by adding request headers that advertise
capabilities, but I don't think we like those much.
Ietf mailing list