On Sat, Oct 16, 2021, at 15:17, Adam Roach wrote: >> - RFC8164 from Experimental to Historic >> (Opportunistic Security for HTTP/2) > > It's worth observing that this mechanism remains implemented in Firefox This feature is being disabled. We've been meaning to do this for a while now, mainly due to low usage rates[1], but we recently got a little nudge. Firefox 94 (scheduled for release 2021-11-02) will have the feature disabled. I expect that we will remove the supporting code in future releases. The main problem here is the continued increase in HTTPS adoption. HTTPS offers genuine security and displaces the opportunistic mechanism. This feature was only ever intended to act as a short-term bridge. It might not have achieved that goal, but we're happy that the continued improvement in HTTPS (and certificate) availability has made that bridge largely unnecessary. We also acknowledge that other implementations did not choose to include the feature. Recognizing that market failure and moving on is healthy. [1] https://mzl.la/3vncCp2 -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
