vasilvv
commented
2 months ago We've considered that, but there is already shipped code out there that predates us having those.
Also, HTTP resources are identified by URIs, which are different from QUIC endpoints (that only have host and port), so the risk level for those is different.
In QUIC we made ALPN mandatory to avoid protocol confusion attacks. Should the new mechanism we're introducing for WebTransport be mandatory as well?