TODO: added several ideas, removed SPDY

1 files changed, 56 insertions, 14 deletions

diff --git a/docs/TODO b/docs/TODO
index 30f208718..49851e909 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -35,6 +35,10 @@
  1.17 Add support for IRIs
  1.18 try next proxy if one doesn't work
  1.19 Timeout idle connections from the pool
+ 1.20 SRV and URI DNS records
+ 1.21 QUIC
+ 1.22 Monitor connections in the connection pool
+ 1.23 Offer API to flush the connection pool
 
  2. libcurl - multi interface
  2.1 More non-blocking
@@ -60,10 +64,9 @@
  5.1 Better persistency for HTTP 1.0
  5.2 support FF3 sqlite cookie files
  5.3 Rearrange request header order
- 5.4 SPDY
  5.5 auth= in URLs
  5.6 Refuse "downgrade" redirects
- 5.7 More compressions
+ 5.7 Brotli compression
 
  6. TELNET
  6.1 ditch stdin
@@ -103,6 +106,7 @@
  13.6 Provide callback for cert verification
  13.7 improve configure --with-ssl
  13.8 Support DANE
+ 13.9 Support TLS v1.3
 
  14. GnuTLS
  14.1 SSL engine stuff
@@ -227,11 +231,12 @@
 1.8 Allow SSL (HTTPS) to proxy
 
  To prevent local users from snooping on your traffic to the proxy. Supported
- by Chrome already:
+ by Firefox and Chrome already:
  https://www.chromium.org/developers/design-documents/secure-web-proxy
 
- ...and by Firefox soon:
- https://bugzilla.mozilla.org/show_bug.cgi?id=378637
+ See this stale work in progress branch:
+ https://github.com/curl/curl/tree/HTTPS-proxy based on this PR:
+ https://github.com/curl/curl/pull/305
 
 1.9 Cache negative name resolves
 
@@ -342,6 +347,39 @@
  in the pool), we should introduce a timeout so that connections that have
  been idle for N seconds get closed.
 
+1.20 SRV and URI DNS records
+
+ Offer support for resolving SRV and URI DNS records for libcurl to know which
+ server to connect to for various protocols (including HTTP!).
+
+1.21 QUIC
+
+ The standardization process of QUIC has been taken to the IETF and can be
+ followed on the [IETF QUIC Mailing
+ list](https://www.ietf.org/mailman/listinfo/quic). I'd like us to get on the
+ bandwagon. Ideally, this would be done with a separate library/project to
+ handle the binary/framing layer in a similar fashion to how HTTP/2 is
+ implemented. This, to allow other projects to benefit from the work and to
+ thus broaden the interest and chance of others to participate.
+
+1.22 Monitor connections in the connection pool
+
+ If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to
+ curl while the connection is held in curl's connection pool, the socket will
+ be found readable when considered for reuse and that makes curl think it is
+ dead and then it will be closed and a new connection gets created instead.
+
+ This is *best* fixed by adding monitoring to connections while they are kept
+ in the pool so that pings can be responded to appropriately. It would also
+ proper allow libcurl to close connections (earlier) when they are closed by
+ the server. Also, see "1.19 Timeout idle connections from the pool"
+
+1.23 Offer API to flush the connection pool
+
+ Sometimes applications want to flush all the existing connections kept alive.
+ An API could allow a forced flush or just a forced loop that would properly
+ close all connections that have been closed by the server already.
+
 
 2. libcurl - multi interface
 
@@ -473,14 +511,6 @@ This is not detailed in any FTP specification.
  headers use a default value so only headers that need to be moved have to be
  specified.
 
-5.4 SPDY
-
- Chrome and Firefox already support SPDY and lots of web services do. There's
- a library for us to use for this (spdylay) that has a similar API and the
- same author as nghttp2.
-
- spdylay: https://github.com/tatsuhiro-t/spdylay
-
 5.5 auth= in URLs
 
  Add the ability to specify the preferred authentication mechanism to use by
@@ -500,7 +530,7 @@ This is not detailed in any FTP specification.
  Consider a way to tell curl to refuse to "downgrade" protocol with a redirect
  and/or possibly a bit that refuses redirect to change protocol completely.
 
-5.7 More compressions
+5.7 Brotli compression
 
  Compression algorithms that perform better than gzip are being considered for
  use and inclusion in existing browsers. For example 'brotli'. If servers
@@ -658,6 +688,18 @@ that doesn't exist on the server, just like --ftp-create-dirs.
  https://curl.haxx.se/mail/lib-2013-03/0103.html . libunbound may be the
  correct library to base this development on.
 
+ Björn Stenberg wrote a separate initial take on DANE that was never
+ completed.
+
+13.9 Support TLS v1.3
+
+ TLS version 1.3 is about to ship and is getting implemented by TLS libraries
+ as we speak. We should start to support the symbol and make sure all backends
+ handle it accordingly, then gradually add support as the TLS libraries add
+ the corresponding support. There may be a need to add some additional options
+ to allow libcurl to take advantage of the new features in 1.3.
+
+
 14. GnuTLS
 
 14.1 SSL engine stuff