One of the approaches considered for improving security is opportunistic encryption.

Two variants have been discussed; "relaxed" where server authentication is not checked, and "strict", where it is. In discussion, it appears that there's a preference for just using HTTPS URLs over "strict", but there is still some interest in "relaxed."

There appears to be some implementer interest in this approach, but not yet readiness to implement, so this issue is on hold.

Note that opp encryption might also be applied to HTTP/1.1.