@mnot
Created March 20, 2014 09:44
HTTP:// over TLS proposal
<section anchor="opportunistic" title="Discovering TLS Support for http:// URIs">
<t>
A server wishing to advertise support for HTTP/2 over TLS for http:// URIs MAY do so by
including an Alt-Svc (see <xref target="AltSvc"/>) response header with the "h2" protocol
identifier.
</t>
<t>
For example, an HTTP/1 connection could indicate support for HTTP/2 on port 443 for use
with future http:// URI requests with this Alt-Svc header:
</t>
<figure>
<artwork><![CDATA[
HTTP/1.1 200 OK
Alt-Svc: "h2"=443
]]></artwork>
</figure>
<t>
The process for starting HTTP/2 over TLS for an http:// URI is the same as the connection
process for an https:// URI, except that authentication of the TLS channel is not
required; the client MAY ignore authentication failures. This enables servers that only
serve http:// URIs to use credentials that are not tied to a global PKI, such as
self-signed certificates.
</t>
<t>
Clients MAY reserve the use of certain security-sensitive optimizations, such as caching
the existence of this successful connection, for authenticated connections.
</t>
<t>Eligible http:// URIs:</t>
<t>
<list style="numbers">
<t>Use the same host name as the URI accessed over TLS, and </t>
<t>Do not contain an explicit port number. </t>
</list>
</t>
<t>
For example, if the client has successfully made a request for the URI
"https://example.com/foo", then it may attempt to use TLS to make a request for the URI
"http://example.com/bar", but not for the URI "http://example.com:80/". In particular, if
a client has a TLS connection open to a server (for example, due to a past "https"
request), then it may re-use that connection for "http" requests, subject to the
constraints above.
</t>
</section>
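
The client-side checks this section describes, as an added Python example that is not part of the proposal: reading the port from an Alt-Svc value in the `"h2"=443` form shown above, and testing an http:// URI against the two eligibility conditions. The function names are hypothetical, and the case-insensitive host comparison and the rejection of an empty port (`example.com:`) are assumptions the text does not spell out.

```python
from urllib.parse import urlsplit


def alt_svc_port(header_value, protocol="h2"):
    """Return the port advertised for `protocol` in a value like '"h2"=443'.

    Only the single-entry form shown in the proposal is accepted; anything
    else yields None so the client keeps using plain HTTP/1.
    """
    name, sep, port = header_value.strip().partition("=")
    if not sep or name.strip() != f'"{protocol}"':
        return None
    port = port.strip()
    if not (port.isascii() and port.isdigit()) or not 0 < int(port) <= 65535:
        return None
    return int(port)


def has_explicit_port(netloc):
    """True if the authority carries a ':port' part, even ':80' or a bare ':'."""
    hostport = netloc.rpartition("@")[2]          # drop any userinfo
    return ":" in hostport.rpartition("]")[2]     # skip colons inside [IPv6]


def eligible_for_tls(http_uri, tls_uri):
    """Apply both eligibility conditions to http_uri, relative to tls_uri.

    tls_uri is the URI already accessed over TLS. urlsplit() lowercases the
    scheme and host, so the comparison is case-insensitive (an assumption).
    """
    target, reference = urlsplit(http_uri), urlsplit(tls_uri)
    if target.scheme != "http" or not target.hostname:
        return False
    if has_explicit_port(target.netloc):          # condition 2: no explicit port
        return False
    return target.hostname == reference.hostname  # condition 1: same host name
```

Checking the raw authority rather than the parsed port matters because `http://example.com:80/` names the default port explicitly and is still excluded by the second condition.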