On 06/15/2016 01:32 PM, William A Rowe Jr wrote:
It seems to me that we -can- implement Connection: Upgrade Upgrade: h2 on a plaintext connection, which is simply shorthand for Upgrade: TLS/1.x, HTTP/2 where the TLS connection *must* handshake with the ALPN token 'h2' (the 102 Switching Protocols would be followed by a TLS HELO), and that restricted set of TLS protocols and ciphers acceptable to the HTTP/2 protocol.
It may be *allowed* (I'm still mulling it over in my head; it seems to me to be a substantial stretching of the spirit of the Upgrade dance)... but I would seriously hope that httpd *doesn't* decide to do this. At least not without a really good client use case first. Additional fragmentation of the handshake types increases complexity and attack surface.
I am very curious about Roy's assertion (AIUI) that the 'HTTP/2.0' upgrade token is implicitly defined by the existence of RFC 7540. What are its semantics? Are they equivalent to those of the 'h2c' token?
(I understand that RFC 7230 *registers* all tokens of the form 'HTTP/m.n'. That is different to me than saying, "If someone in the future creates an RFC called HTTPv4, all 'HTTP/4.x' tokens are automatically defined by that specification, whether they know it or not.")
--Jacob
