Controversy over upcoming Web protocol change

Developers never tire of finding ways to add more objects to Web pages in hopes of beating — or at least keeping up with — the apparently limitless increases in server power and bandwidth.

However, this seemingly never-ending circle of supply and demand needs a bit of a kick, which is about to be given by the Internet Engineering Task Force (IETF). The organization is about to release the second version of the Hypertext Transport Protocol, dubbed HTTP/2, which promises to speed up Web traffic.

However, an article in Computerworld U.S. notes that some experts worry. For example, in a Monday blog Greg Wilkins, lead developer of the Jetty open source servlet server, says there is a lot of good in the proposed standard, “but I have deep reservations about some bad and ugly aspects of the protocol.

An IETF working group last week issued a last call for comments on the proposed new standard after issuing new drafts.

HTTP/2 supports the same semantics as HTTP/1.1, so most of the benefits of the new standard can be used by applications simply by upgrading client and server infrastructure, he wrote. HTTp/2 won’t suffer from the head of line blocking issues as the existing version does. HTTP/2 provides an effective compression algorithm (HPACK) that is tailored to HTTP and avoids many of the security issues with using general purpose compression algorithms over TLS connections, he adds.

But, he complains, the proposed protocol doesn’t cover the possible future extension of HTTP/2 to carry WebSockets semantics.  He also fears HTTP/2 has an incentive for applications to move large data into headers, which will open multiple connections and cause chaos.

“I would like to think that I’m being melodramatic here and predicting a disaster that will never happen,” he wrote. “However the history from HTTP/1.1 is that speed is king and that vendors are prepared to break the standards and stress the servers so that applications appear to run faster on their browsers, even if it is only until the other vendors adopt the same protocol abuse.   I think we are needlessly setting up the possibility of such a catastrophic protocol fail to protect against a DoS attack vector that must be defended anyway.”

Finally, there are other aspects of HTTP/2 he describes as ugly, one of which he warns could be used to smuggle illicit data through firewalls.

But Computerworld also quotes Owen Garrett, head of products for server software provider NGINX saying that “A lot of our users are experimenting with the protocol. The feedback is that generally, they have seen big performance benefits.”





Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web