vacancies advertise contact news tip The Vault
facebook rss twitter

HTTP/2 finalised says IETF HTTP Working Group chair

by Mark Tyson on 18 February 2015, 15:20

Quick Link: HEXUS.net/qaco6o

Add to My Vault: x

HTTP/2 has been finalised, according to Mark Nottingham, chair the IETF HTTP Working Group and am a member of the W3C TAG. In a blog post today simply entitled 'HTTP/2 is Done', Nottingham said that the IESG has formally approved the HTTP/2 and HPACK specifications. Now the standard is going to go through some editorial tweaks before publishing.

The new version of the Hypertext Transfer Protocol is a "huge deal," reports The Next Web. It is the first major revamp of the protocol since 1999 when HTTP/1.1 was adopted. As such it will bring the protocol up to speed with several new web technologies and provide benefits as faster page loads, hold connections longer and help servers push data to your cache. According to the HTTP/2 homepage on Github "the focus of the protocol is on performance; specifically, end-user perceived latency, network and server resource usage. One major goal is to allow the use of a single connection from browsers to a Web site."

The key high level differences that HTTP/2 possesses compared to HTTP/1.X are as follows:

  • HTTP/2 is binary, instead of textual
  • It is fully multiplexed, instead of ordered and blocking
  • It can therefore use one connection for parallelism
  • It uses header compression to reduce overhead
  • It allows servers to 'push' responses proactively into client caches

HTTP/2's multiplexing goes further than HTTP/1.1's parallelism to fix a problem called 'head of line blocking' where only one request can be outstanding on a connection at a time. The new protocol implements far fewer concurrent connections. Previously a single web page with multiple origins could easily open 30 or so data connections, causing problems such as buffer overflow, congestion and monopolising your network – effectively stealing resources from other internet services/apps. The implementation of header compression will also improve your browsing experience greatly, especially on mobiles, according to the HTTP/2 FAQ.

Only a few days back Google announced that it plans to fully switch to HTTP/2 in Chrome. Google's SPDY/2 was the basis of HTTP/2 and its core developers were involved in HTTP/2. TNW reports that developers can already test out the new protocol in both Chrome and Firefox. For more information please refer to the HTTP/2 FAQ.



HEXUS Forums :: 7 Comments

Login with Forum Account

Don't have an account? Register today!
Easier to snoop on…. yay!

NOT.
How do you work that one out? If anything, HTTP2 makes cryptography more accessible.
It uses 1 tcpip connection instead of multiples ones.

Ie one less step in piecing it together.
Thus making the whole system far more efficient. However it's still muxed at a higher level, and the single TCP stream is just coincidental as far as privacy is concerned - that's what cryptography is for at the end of the day.

If you're expecting parallel TCP connections to offer even a whiff of privacy you'll be sorely disappointed; reassembling streams is really quite trivial - it's what browsers and servers are doing all the time. Tools like Wireshark are quite good at it too. There's a chance some of the packets will find themselves on separate routes over longer connections but that's about it, and that still applies.

It doesn't even make it to storm in a teacup TBH, it's a complete non-issue.
Mate that is a massively uneducated statement and is nothing short of scare-mongering. HTTP/2 should be celebrated, please don't give people false ideas about security concerns you don't really know anything about