Most internet users don’t consider the protocols that underpin the web anymore than they do the stitching in their socks, but a major update to HTTP — the protocol that lets browsers download websites from servers — will affect everyone who goes online. After years in development, HTTP/2 has been formally approved. Although it will take many months (and possibly years) before it’s used around the web, the update will bring with it a global internet that’s more robust, more secure, and faster.
LIKE CRAMMING MULTIPLE BITS OF PAPER INTO A SINGLE ENVELOPE
Although HTTP/2 has been developed by an industry body (the IETF HTTP Working Group) it’s based on a custom version of the protocol created by Google named SPDY (fittingly pronounced “speedy”). Both SPDY and HTTP/2 use a number of communication efficiencies to speed up browsing, but the most important of these are “header field compression” and “multiplexing.” Together, they let browsers make multiple requests to web servers via a single connection. It’s a simple concept to grasp (just imagine cramming multiple bits of paper into a single envelope) and will have a big impact.
Many web users have already been enjoying the benefits of this technology without knowing it. Google first introduced SPDY in 2009 and the protocol was subsequently integrated into Chrome, Internet Explorer, and Firefox. However, SPDY is not widely supported across the web. Although some big sites — including Facebook, Twitter, and Google — use SPDY to boost connections on compatible browsers, it’s not a given. HTTP/2, by comparison, will bring the benefits of multiplexing to the masses, albeit over time.
As the existence of SPDY implies, HTTP isn’t a monolithic technology that was invented in the 90s and hasn’t changed since. There was a significant update in 1999 with HTTP/1.1, and this version has been tweaked over the years without introducing new version numbers. However, unlike previous updates, HTTP/2 has also been designed with government surveillance in mind — specifically the reaction to Edward Snowden’s revelations.
BUILT-IN ENCRYPTION WAS REJECTED FOR HTTP/2, BUT IT’LL STILL ENCOURAGE SAFER BROWSING
As well as faster browsing, it’s also hoped that HTTP/2 will boost security around the web — despite not integrating new encryption standards. It was originally planned that HTTP/2 would come with TLS encryption built in (this is Transport Layer Security, previously known as SSL), but this was rejected because it would inconvenience certain industry players like network operators and proxy vendors by burdening them with new standards.
However, explains Mark Nottingham, chairman of the IETF HTTP Working Group, this shouldn’t matter too much as Firefox and Chrome developers have said that they won’t support HTTP/2 unless it does support encryption. So, says Nottingham, sites that want to get the benefit of faster browsing “will need to use TLS if they want to interoperate with the broadest selection of browsers.” It’s a neat trick: the HTTP Working Group is making the internet faster as an incentive for making the internet safer.
via theverge.com