HTTP 2.0 APPROVED - Hello Faster and More Secure Browsing!
2015 February 23
For the first time in 16 years the HTTP standard is getting an overhaul and while faster Web pages are a big win for the first major revision since 1999 better encryption may finally have a more lasting impact.
In a blog post, Mark Nottingham, chairman of the IETF working group behind creating the standards, said the HTTP 2.0 specifications have been formally approved. From here, the specs go through a request for comment phase and then published.
HTTP, or Hyptertext Transfer Protocol, is one of the standards that makes the Web tick. In a nutshell, HTTP allows a browser to connect with a Web server to load a page. HTTP 2.0 is promising faster loading speed.
The HTTP 2.0 standard is based on SPDY, which was introduced by Google and adopted by other browsers. That HTTP 2.0 originated from a Google protocol has caused some consternation.
In the long run, speed is likely to be the No. 2 advance from HTTP 2.0. Encryption in HTTP 2.0 will mean fewer attacks and overall snooping. Technically, HTTP 2.0 doesn't require better encryption, but Mozilla and Google won't support the standard without it. Add it up and HTTP 2.0 will bring encryption. Anyone adopting HTTP 2.0 will need to support Transport Layer Security to interoperate with a wide range of browsers.
Nottingham noted in a blog post last year:
HTTP/2 doesn't require you to use TLS (the standard form of SSL, the Web's encryption layer), but its higher performance makes using encryption easier, since it reduces the impact on how fast your site seems.
In fact, many people believe that the only safe way to deploy the new protocol on the “open” Internet is to use encryption; Firefox and Chrome have said that they'll only support HTTP/2 using TLS.
They have two reasons for this. One is that deploying a new version of HTTP across the Internet is hard, because a lot of “middleboxes” like proxies and firewalls assume that HTTP/1 won't ever change, and they can introduce interoperability and even security problems if they try to interpret a HTTP/2 connection.
The other is that the Web is an increasingly dangerous place, and using more encryption is one way to mitigate a number of threats. By using HTTP/2 as a carrot for sites to use TLS, they're hoping that the overall security of the Web will improve.
We want to hear from you, so what are you waiting for? Contact us today.Get In Touch
Posted In: The Vast Universe