- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Thu, 03 Jul 2014 06:34:34 +0000
- To: Yoav Nir <ynir.ietf@gmail.com>
- cc: HTTP Working Group <ietf-http-wg@w3.org>
In message <7DB719C0-E22C-4954-9A72-3571C7193113@gmail.com>, Yoav Nir writes: >Why would anyone deploy a website over SCTP then? Because the carrot was big enough ? If for instance HTTP/SCTP increased sales 10% in your webshop, that would surely do it. Not that I know how that would ever happen. It should be borne in mind that there is a cost to even attempting: Most of us are still carrying code around to handle HTTP/1.0 and that code is seldom used and subject to code-rot and consequent security issues. More protocols -> more code -> more bugs -> more security holes. In that light it was good that HTTP/SCTP never grew to any relevant size: It would be terrible to have to keep it around just for one or two unescapable killer applications. (Denmarks National identification system "NemID" is just now wiggling out of the mandatory java-applet, ask any dane how much pain that has been!) Ideally our goal for any new HTTP version should have been to outcompete all previous versions, with a simpler, faster and more robust codebase, so that we ended up with less code and, fewer bugs and better security in the long run. But it is not obvious that will ever be possible: HTTP/1.1 became a success for many good reasons. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Received on Thursday, 3 July 2014 06:34:59 UTC