w3c / webappsec-secure-contexts

WebAppSec Secure Contexts
https://w3c.github.io/webappsec-secure-contexts/

localhost domains and HTTP/2 and beyond #78

Open annevk opened 3 years ago

annevk commented 3 years ago

It seems somewhat inevitable we might eventually want to migrate beyond HTTP/1 or require HTTP/2 for certain features (e.g., this often comes up with upload streaming). This poses a problem for localhost development (a useful location as it's a secure context) as there's no valid certificate there. Is this something we should tackle or is that the point where localhost ceases to be useful and you have to get a domain somehow?

aerik commented 5 months ago

AGH! "Have to get a domain somehow"? nononononono....

Please see https://github.com/w3c/webappsec-secure-contexts/issues/60 for a discussion of some issues (and I'm sure there are more) with placing more and more restrictions on features. Security is important, but we are slowly crippling the web for many (I think "tens of thousands" is probably conservative) users.

TomCJones commented 5 months ago

This is similar to the request recently made in OpenID to require https for local host, because it is more secure. I personally use it in production systems to access local resources. I can't imagine how I would do that if domain names were required.