Syndicated

Developers never tire of finding ways to add more objects to Web pages in hopes of beating — or at least keeping up with — the apparently limitless increases in server power and bandwidth.

However, this seemingly never-ending circle of supply and demand needs a bit of a kick, which is about to be given by the Internet Engineering Task Force (IETF). The organization is about to release the second version of the Hypertext Transport Protocol, dubbed HTTP/2, which promises to speed up Web traffic.

However, an article in Computerworld U.S. notes that some experts worry. For example, in a Monday blog Greg Wilkins, lead developer of the Jetty open source servlet server, says there is a lot of good in the proposed standard, “but I have deep reservations about some bad and ugly aspects of the protocol.

An IETF working group last week issued a last call for comments on the proposed new standard after issuing new drafts.

HTTP/2 supports the same semantics as HTTP/1.1, so most of the benefits of the new standard can be used by applications simply by upgrading client and server infrastructure, he wrote. HTTp/2 won’t suffer from the head of line blocking issues as the existing version does. HTTP/2 provides an effective compression algorithm (HPACK) that is tailored to HTTP and avoids many of the security issues with using general purpose compression algorithms over TLS connections, he adds.

But, he complains, the proposed protocol doesn’t cover the possible future extension of HTTP/2 to carry WebSockets semantics.  He also fears HTTP/2 has an incentive for applications to move large data into headers, which will open multiple connections and cause chaos.

“I would like to think that I’m being melodramatic here and predicting a disaster that will never happen,” he wrote. “However the history from HTTP/1.1 is that speed is king and that vendors are prepared to break the standards and stress the servers so that applications appear to run faster on their browsers, even if it is only until the other vendors adopt the same protocol abuse.   I think we are needlessly setting up the possibility of such a catastrophic protocol fail to protect against a DoS attack vector that must be defended anyway.”

Finally, there are other aspects of HTTP/2 he describes as ugly, one of which he warns could be used to smuggle illicit data through firewalls.

But Computerworld also quotes Owen Garrett, head of products for server software provider NGINX saying that “A lot of our users are experimenting with the protocol. The feedback is that generally, they have seen big performance benefits.”

 

 

 

 

Share on LinkedIn Share with Google+ Comment on this article
More Articles