Wednesday, May 4, 2016

3 reasons I decided to learn about HTTP/2

You may or may not have heard about the approval of the new HTTP specification by the IETF in February of 2015. I have, and I would like to share what I found about HTTP/2.0 that piqued my curiosity.

1) Quick win webapp performance boost in no-time
There are already numerous small examples and tests on the web to show what HTTP/2 can do, out of the box. That is, if the client-side browser is HTTP/2 enabled and if the server supports the protocol.
Luckily the former mentioned is mostly all set and ready to go but server support is not quite there yet although growing steadily.
Have a look at the Gophertiles example. A less known but nonetheless spectaculair example is Cloudfare’s demo.

2) Security not optional
Yes, of course, clear text is, technically, still possible according to the HTTP/2 specification. The use of TLS is not mandatory. However the main players in the browser industry (Google, Microsoft, Mozilla Foundation) decided against allowing this and only enable HTTP/2 over secure connections. I am aware HTTPS has weaknesses of its own, but more eye for security in itself in this respect cannot hurt. Especially as more and more personal data is going over the wire and security breaches can bankrupt companies, hurt governments and citizens and kill potentially interesting applications. 

3) Server Push
On top of all this HTTP/2 throws a new functionality in the mix by the name of server push.
This enables the server to already send resources before the client even requested them. 

For this there is still a lot that needs to be figured out - but it is clear that this will not work out of the box and needs developers' attention. That, in addition to the promising future uses of this mechanism, made me want to find out more. A lot more. More about that later!

No comments:

Post a Comment