Re: HTTP 2.0: draft-ietf-httpbis-http2-04

On Wed, 10 Jul 2013, Appelquist Daniel (UK) wrote:

> @Yves - as you've been closest to this work do you think you could post
> your thoughts?  What are the key differences between HTTP 1.1 and HTTP 2.0
> that we ought to be focusing on from a Web Architecture perspective.  I
> will note that the TAG held a session on SPDY in 2011 with Mike Belshe:

As Noah mentioned it, mnot posted a good summary of HTTP/2.0 over 
HTTP/1.1, including a few items that are or may be an issue:

* The use of TLS which was always marketed as bringing "security", while
   it only protects from established traffic interception (and even in that
   case, there are multiple attacks against some ciphers) but not MITM
   attacks (well, provided the interceptors have the means of doing that,
   like having access to a Certificate Authority). Not news, but still an
   issue, and not worse than https

* Stream Priority
   While it's quite useful when you control your application to figure out
   the best order to bring content to the client, so useful for people who
   are able to go in that level of detail in the optimization of their
   application, I wonder if it will really work in the not 0.001% of top
   web sites, or if the priorities will always be "maximum".
   Also, in the current draft, you have this text, which is a good safety
   net for this feature:
<<
   Explicitly setting the priority for a stream does not guarantee any
    particular processing order for the stream relative to any other
    stream.
>>

Also on the topic of current page optimization techniques, I'm not 
convinced that people will easily reverse from using sprites by cutting a 
big image to requesting tons of small URLs via HTTP2, not only because of 
all the requests/replies involved, but also because compressing a big 
image is more efficient than multiple small ones in many cases. 
Noah, note also that doing mux at l7 to bypass issues at l4 is definitely 
another leakage, although a better controlled one.

The crux of HTTP/2.0 is that its goal is to be compatible with HTTP/1.1 as 
much as possible, meaning that from AWWW there should be no changes in the 
use of HTTP.

-- 
Baroula que barouleras, au tiéu toujou t'entourneras.

         ~~Yves

Received on Monday, 22 July 2013 15:16:08 UTC