W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: SPDY = HTTP/2.0 or not ?

From: Brian Pane <brianp@brianp.net>
Date: Sun, 25 Mar 2012 17:50:39 -0700
Message-ID: <CAAbTgTu7qbPiREWRRqFddgoko0FCt0jmxR=NP1gqsiARCwscew@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
On Sun, Mar 25, 2012 at 3:59 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:

>        2. SPDY's requirement for SSL is never going to fly with
>           p0rn^Wmultimedia sites, national emergency services,
>           and other high volume/high spike sites.

It looks like the current SPDY proposal only requires TCP, not SSL:
http://tools.ietf.org/html/draft-mbelshe-httpbis-spdy-00#section-2

Nonetheless, I think it would be reasonable for HTTP/2.0 to require SSL.

When HTTP/0.9 was first deployed, the typical client environment was
an academic LAN where the users trusted each other.  Today, the
typical client environment is a coffee shop with an open wireless
network.

If HTTP/2.0 has an operational life as long as HTTP/1.x has had,
decisions made this year will determine the default security of the
web in 2028.

If the HTTP/2.0 standard mandates TLS, it will create pressure for
implementors in the short term.  But that's good, because implementors
will see it as an opportunity.  Hardware developers will step up their
efforts to accelerate common ciphersuites.  Software developers will
step up their efforts to make session resumption scale.  And the
per-byte and per-session cost will drop.  And all those people in the
coffee shop will be better protected.

-Brian
Received on Monday, 26 March 2012 00:51:08 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:57 GMT