Re: Moving forward on improving HTTP's security

This also means HTTP/2 is not for everyone, it's only for big business, and you cannot get the speed benefit without some hardware investments.
It also means that speed consciousness webdesigners will still have to continue using the awful CSS sprites trick when their target server is still HTTP/1.1 based.
HTTP/2 sounded like a magical speed promise… that would be quickly adopted, but now it just looks like an alternative solely made for the big guys.

Roberto Peon wrote:

> The radio far dominates battery life considerations w.r.t IO on mobile devices, so if we were super worried about that, we'd be working on getting the best possible compression algorithm for entity-bodies.
> 
> I note that with Mark's proposed 'C':
> Encryption is not mandatory- one simply uses HTTP/1.1 if one don't want encryption. Noone is thus forced to do anything: they're not forced to spend more CPU, etc., unless they believe the benefit outweighs the cost.
> 
> Honestly, this is where we are anyway. We don't have the power, even if we wished it, to throw away HTTP/1.X and so we'll always be competing against its cost/benefit.
> 
> I'm pretty happy with either 'C' or any other proposal that provides strong downgrade protection.
> 
> -=R

Received on Thursday, 14 November 2013 03:01:40 UTC