Sending data in plain text just doesn’t cut it in an age of abundant hack attacks and mass metadata collection. Some of the biggest names on the Web—Facebook, Google, Twitter, etc.—have already embraced default encryption to safeguard your precious data, and the next-gen version of the crucial HTTP protocol will only work for URLs protected by HTTPS.
Mark Nottingham, chair of the HTTPbis working group developing the HTTP 2.0 protocol for the Internet Engineering Task Force,
made the announcement early Wednesday in a Worldwide Web Consortium mailing list.
“I believe the best way that we can meet the goal of increasing use of TLS [Transport Layer Security] on the Web is to encourage its use by only using HTTP/2.0 with https:// URIs,” Nottingham wrote.
Leaping through hoops for backward compatibility
Non-encrypted HTTP URLs would continue to use the current HTTP protocol, though Nottingham says the HTTP 2.0 protocol will still need to formally define how the protocol handles unencrypted URLs.
That's because the “HTTP 2.0 requires HTTPS” line becomes a but blurry further down om Nottingham’s announcement.
One more step on a long road to a faster, safer Web
The HTTPbis Working Group’s last call for HTTP 2.0 is slated to occur in April 2014, before submitting HTTP 2.0 to the Internet Engineering Standards Group in November 2014 for consideration as a formal standard.
