In Paris, engineers at the IETF met to take steps to overhaul Hypertext Transfer Protocol, known to the average person as HTTP. The group openly discussed how they could make the technology faster during the meeting last week.
Why do we need to change HTTP?
One word: speed. With all the devices on the Web, it makes things complicated to have a uniform system. This new plan will rebuild standards that touch every device on the web, and make them run faster.
The Paris meeting on overhauling HTTP included presentations about four specific proposals for HTTP 2.0, including SPDY by Google (that’s being used right now), and HTTP Speed+ Mobility developed at Microsoft. The key differences between Google and Microsoft’s plan has to deal with encryption. Google’s SPYD requires encryptions whereas Microsoft’s HTTP Speed + the preference would be options, I can only assume with the auto setting to non-encrypted. Despite all the differences, there is agreement on what needs to be fixed and most web standard matters.
Google has the lead with Google Chrome and Amazon Silk browsers, with Firefox set to join in two weeks. Google, Amazon, and Twitter are currently using the SPDY technology on their servers. Google has hard data showing that the technology has speedy benefits.
“We’ll discuss SPDY because it’s here, but other proposals will be discussed too,” Mark Nottingham, chairman of the HTTP Working Group stated in his presentation. “If we do choose SPDY as a starting point, that doesn’t mean it won’t change.”
SPDY co-creator Mike Belshe noted that the Microsoft and Google proposals are almost the same. But SPDY calls for encrypted connections all the way from a Web server to the browser it’s communicating.
“Google and Microsoft proposals is in syntax, but the developers are flexible on that point and the choice of compression technology,” Belshe said.
Gabriel Montenegro from Microsoft pointed out that encryption must be optional to allow HTTP 2.0 to meet certain scenarios and regulations. “HTTP 2.0 is a universal replacement for HTTP 1.X, and there are some instances in which imposing TLS is not required (or allowed),” Montenegro said. “For example, a ‘random thought of the day’ web service has very little need for it, nor does a sensor spewing out a temperature reading every few seconds.”
Google responded that users care about encryptions on mobile devices and with current tech and new tech it’s feasible to have encryption on all devices. Though encryption is from a browser to web server and back that caches data on web servers which typically damages the businesses of content delivery networks, Google believes that users should come first.
“Users care about privacy and security more than whether some guy can cache something in the middle,” Belshe said. “Security is not free, but we can make it so it’s free to users.”
What do you think about this? Which do you think is correct, encrypted HTTP or non-encrypted HTTP?