W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2012

Re: #385: HTTP2 Upgrade / Negotiation

From: 陈智昌 <willchan@chromium.org>
Date: Wed, 24 Oct 2012 12:10:30 -0700
Message-ID: <CAA4WUYj+yjt1KX9ZBJcooE_82+VKx2G-Ww1HiocY7RzBy5=Z6g@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
On Tue, Oct 23, 2012 at 9:51 PM, Mark Nottingham <mnot@mnot.net> wrote:

>
> On 24/10/2012, at 3:12 PM, William Chan (陈智昌) <willchan@chromium.org>
> wrote:
> >>
> >>>> Who's willing to do some experimentation? Specifically, does anyone
> have access to the code that was used before (IIRC, people bought some ads
> and inserted some Java to probe the network)?
> >>>
> >>> Do you mean the Chromium HTTP upgrade experiment agl referred to in
> >>> http://www.ietf.org/mail-archive/web/tls/current/msg05593.html?
> >>
> >> No, IIRC there was also some broader experimentation using ads; I'll
> dig around a bit more.
> >>
> >> Of course, if Chrome (or any other browser) would be interested in
> running an experiment, we'd love to do that too -- provided we can have
> input into the design.
> >
> > Is there anything you'd like to change about the design in
> > http://www.ietf.org/mail-archive/web/tls/current/msg05593.html? I'm in
> > general supportive of running experiments, I just don't want to waste
> > our time unless there was something deficient about the previous
> > experiment.
>
> Could you dig up the exact bytes-on-the-wire handshake that was used?
>

Er, I'm not an expert here, but here's the experiment
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/net/websocket_experiment/websocket_experiment_runner.cc?view=markup&pathrev=63020and
the handshake code (
http://src.chromium.org/viewvc/chrome/trunk/src/net/websockets/websocket_handshake.cc?view=markup&pathrev=63020
).


>
>
> > Also, I suspect a non-Google experiment would carry more
> > weight :) External validation is good.
>
> Agreed.
>
>
> > On that point, at Realtime Conf today, Arnout Kazemier provided a
> > bunch of data on issues with WebSockets deployment.
> > https://speakerdeck.com/3rdeden/realtimeconf-dot-oct-dot-2012. As he
> > says "tl;dl: Always use SSL".
>
>
> Thanks.
>
> I'd like to validate an assumption that has been discussed in-person in a
> meeting (forget which one) but IIRC not yet on-list.
>
> It's that if we can design an upgrade that fails fast and reliably for
> HTTP URLs, it's acceptable for there to be a (say) 70% success rate
> initially, with the idea that it will rise over time -- perhaps slowly, in
> terms of browser releases, but relatively quickly, in terms of the lifetime
> of HTTP.
>
> Can we (everyone) agree upon that?
>

Not trying to derail the thread, but <mumble>TLS</mumble> :)


>
> WRT WebSockets, keep in mind that the proxy/firewall/virus scanning
> vendors have had less than a year since it became an RFC, for a protocol
> that has (relatively) unproven demand and hard-to-nail-down semantics.
>
> I suspect that HTTP2, once we finish, will be get more priority from them;
> the demand is already proven, and the semantics of the protocol are easier
> to fit into their existing threat models, etc.


This is probably true, but I just wanted to point out that vendor support
!= actual deployments.


>
> Cheers,
>
> --
> Mark Nottingham   http://www.mnot.net/
>
>
>
>
Received on Wednesday, 24 October 2012 19:10:58 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 24 October 2012 19:11:02 GMT