HTTP/2 standard has been finalized

[BoraMurdar]

Content source

http://thenextweb.com/insider/2015/02/18/http2-first-major-update-http-sixteen-years-finalized/

Today, the next major version of HTTP took a big step toward becoming a reality; it’s been officially finalized and now moves towards being fully standardized.

According to a blog by Mark Nottingham, the chair of the IETF HTTP Working Group, the standard was completed today and is on its way to the RFC Editor to go through editorial processes before being published as a standard.

HTTP/2 is a huge deal; it’s the next big version of the Hypertext Transfer Protocol, marking the largest change since 1999 when HTTP 1.1 was adopted.

The new standard brings a number of benefits to one of the Web’s core technologies, such as faster page loads, longer-lived connections, more items arriving sooner and server push. HTTP/2 uses the same HTTP APIs that developers are familiar with, but offers a number of new features they can adopt.

One notable change is that HTTP requests will be ‘cheaper’ to make. The Web community has often told developers to avoid adding too many HTTP requests to their pages, which lead to optimization techniques like code inlining or concatenation to reduce the requests. With HTTP/2, a new multiplexing feature allows lots of requests to be delivered at the same time, so the page load isn’t blocked.

HTTP/2 also uses significantly fewer connections, hopefully resulting in lower load for servers and networks. Nottingham previously published a number of other improvements coming to the standard on his blog.

The new HTTP standard was based on Google’s SPDY protocol, which is used today by some technologies to manipulate traffic which helps improve latency and security, delivering faster page load times. Google announced just a few days ago that it plans to switch fully to HTTP/2 in Chrome.

Developers wishing to test HTTP/2 before it becomes official can already do so now in Firefox and Chrome, along with downloadable test servers to try improvements for themselves. More information is available in the HTTP/2 FAQ.

It should be a relatively short time before the standard is passed through the Request-For-Comments Editor and published for use in its final form.

➤ HTTP/2 is Done [mnot’s blog]

 

[NullPointerException]

HTTP is just fine. Glad it's having a new version. Since like sixteen years!
In my (unpopular) opinion, unless you are a bank website or a huge website that has more than five million visitors per year, HTTP is just fine for you. HTTPS just adds an S and a RHA-64 (most of the times) encryption protocol that just makes a hacker's job painful but still not impossible. It doesn't matter if you are a store or a bank, switch to an SSL protocol. But normal websites like MalwareTips, NakedSecurity, Wikia, and even Wikipedia should use HTTP. Why, the encryption (laughable, any (un)ethical hacker with more than five years of professional experience can crack it...Look at NSA, a simply group of code monkeys are government spying on me and building a profile of me) just makes the page loading seem fancy but can cause bugs. Looking at you, Heartbleed.

Because bugs like Heartbleed can cause infinite infamy over 4chan and Reddit, I'd not put my business in OpenSSL anymore. Just like this guy tells us, we can learn to play by ear. A highly talented nerd like a gem that's born in thousands of years can hack Google if he tries,
while age < 20;
But the thing is that those people are rare. After discovering his true potential, perhaps he can be the next Alan Turin. A forgotten (or remembered) legend who invented what we use. But the same kid can fall in wrong company, if he faces social, family or otherwise other issues, and may inflict his sufferings on other...(Joseph Stalin is a perfect example.) And cause another Heartbleed.

In my opinion, if NSA can crack all the encryption, so can non-govt people. After all cryptography wasn't made by God. Unless you've tremendous visitors or are a shop/bank, you shouldn't use HTTPS. And then there are other factors to take care of, like you know, memory scarping, SQL injections, social-engineering, Man-in-the-Middle, and oh please DDoS (whenever I use that term I am reminded of Wow or LoL, and a lot of cybersex that goes between it users. And the 'cheated boyfriend' turns out to be a hax0r) and even backdoor injections. HTTP is fine. And if I operate a website I'll gladly use it. Unless I am a bank.

 

[BoraMurdar]

Alan Turing was able to hack German Enigma in WW2 by making the very first computer. We are humans, to surpass ourselves is in our nature. Everything what was done...can be undone.

 

[Vipersd]

What about criminal groups that are using/paying hackers to work for them, in my opinion this is the biggest problem today because days of child/student pranks with simple viruses are long gone. Today serious malware is the next tools that crime uses to steal money and information form their victims. Government spying is even worse in mine eyes.

 

[XhenEd]

HTTP/2 is not equal to HTTPS.
HTTP/2 includes performance (this is the most important feature, I think) and security improvements among other things. Although, HTTP/2 can use HTTPS to harden its security.

 

[jamescv7]

The only problem for HTTPS and SSL is by purchasing the security certificates, which will be depends on the category of website being established; surely some have no budget besides of buying the domain which another maintanance purpose.

 

[soccer97]

I wish financial websites (banks etc) would use very high-level encryption. This would seem to solve a good-bit of MITM attacks (end user web browser) and make their servers more secure. I am guessing that the stronger the encryption though, the more it costs? I guess it is wishful thinking.

It would be nice though if we had that and something Like TLS 2.0.