Re: something I don't get about the current plan...

On 2013-11-18 06:56, Roland Zink wrote:
> I think the argument is that when HTTP2 is deployed by X then X can
> use a proper cert and it will work regardless of the middleware. When
> depending on things being changed in the middle then a HTTP/2 solution
> can't be deployed reliably.
> 
> I think
> 
> 1) this promise will not hold in future and probably is not even true now.
> 2) Without all clients being HTTP/2 it will be necessary to offer
> HTTP/2 and HTTP/1 simultaneously anyway, so is it really a big
> advantage to have the HTTP/2 part be more reliable?

When talking reliability the answer there is yes. The big problem is 
(1), and when that happens (like it does) the trouble of HTTP/2 
implementation starts to be not worth the time adding.

> 3) If HTTP/2 is a success then bugs in the middleware will be fixed fast

+1.

> 4) Personally I'm pessimistic about the certs, even remembering about
> the expiry date doesn't work for me.
> 5) Using a separate port would help to separate HTTP/1 and HTTP/2
> infrastructures and will make the solution more reliable

But *is* somewhat outside charter:

"Retain the semantics of HTTP/1.1, leveraging existing documentation" 
... which all talks about port 80 for HTTP and http://.

"The resulting specification(s) are expected to meet these goals for 
common existing deployments of HTTP; in particular, ...  intermediation 
(by proxies, corporate firewalls, "reverse" proxies and Content Delivery 
Networks)."

... which are today all implemented for port 80.

The use of port 443 is not just about the certs issues, but also about 
reluctance of networks to open port 443 for blind traffic relay. Any new 
port will be facing this battle from scratch as mentioned by others 
already.


> On 17.11.2013 18:10, Julian Reschke wrote:
>> On 2013-11-17 17:53, Mike Belshe wrote:
>>> OK - I see.
>>> 
>>> I think you're mixing current stats (only 30% of sites today have certs
>>> - seems high?) with incompatibilities - 100% of sites can get certs
>>> today if they want them.  So HTTP/2 requiring certs would not be
>>> introducing any technical incompatibility (like running on port 100
>>> would).
>>> 
>>> Mike
>> 
>> So we are optimistic that servers can be fixed to use proper certs, 
>> but pessimistic that bugs in middleware will be fixed?
>> 

Not to forget "optimistic that use of other ports will not involve 
middleware bugs" ... including port 443.

Amos

Received on Sunday, 17 November 2013 21:25:17 UTC