HTTP/2 – “Nearing Completion”

Missed it by THAT much …. the planned HTTPbis Working Group Last Call for HTTP/2 slipped two months from April to June 2014, yet it is “nearing completion” as noted by IETF Chair Jari Arkko in his summary of the latest standards meetings in London. Ongoing design discussions around revisions to the widely-used Internet protocol HTTP delayed our next implementable draft until the end of March. While there was consensus to add new features without broad prototyping experience and related data, developers then requested additional bake time for their HTTP/2 implementations to validate the benefits of these late-breaking features and to perform more interoperability testing.

HTTP/2 at IETF 89 in London

Gabriel Montenegro, Rob Trace, and Andrei Popov from Microsoft attended the IETF meetings with me.

The related meeting materials are available:

Priority Leveling

As I wrote after the interim meeting in Zurich:

A new proposal for dependencies between streams was presented. (A similar idea was circulated earlier on the spdy-dev mailing list in October 2012, but never implemented.) There was active discussion at the interim that simplified the design to not require changes in the protocol flow. The revised design will appear in the next implementable draft to gather more data.

Osama Mazahir from Microsoft contributed feedback and offered an alternative to the stream dependencies design on the HTTPbis mailing list. Based on subsequent responses, the chair noted the lack of consensus for one approach and recommended that the implementation draft be deferred to allow further face-to-face discussions at IETF 89.

Still, consensus remained elusive at the meeting. To break the impasse and close on a decision, a coin toss was proposed and accepted. Tails. The stream dependencies proposal won the toss. And that’s how the sausage is made.

Update on Application Layer Protocol Negotiation (ALPN)

Andrei Popov from Microsoft presented an update on ALPN. The Internet Engineering Steering Group (IESG) has evaluated and approved the draft with an announcement pending. The next stage is publication.

ALPN support is now available in the OpenSSL 1.0.2 Beta 1 release. ALPN status for open source libraries and languages is tracked here.

HTTP/2 Design Meeting

Following IETF 89, Mozilla hosted a one day HTTP/2 design meeting on at their offices in London near Trafalgar Square. If you’re curious, take a look at:

The minutes are also available.

Alternate Service and Opportunistic Encryption … third time’s the charm?

At past meetings, there have been mixed reactions to the HTTP Alternate Services and Opportunistic Encryption for HTTP URIs drafts. At the Zurich interim meeting in January, the authors requested additional time to experiment and update the drafts. In London this month, there was agreement that load balancing was a valid scenario that could be addressed by Alternate Services. This then opened the door to also enable Opportunistic Encryption ("opportunistically" using TLS when accessing a HTTP URI) with Alternate Services.

Mark Nottingham, the HTTPbis chair, offers background on the HTTP/2 opportunistic encryption experiment in Trying out TLS for HTTP://URIs and notes the “back-and-forth on whether it’s a good idea”. Following the meetings in London, Jari Arkko, the IETF Chair, summarized:

This work may also enable the use of TLS even for http URIs, which may provide limited protection against passive attacks. Nevertheless, the use of https remains the best tool for improving the security of web traffic.

There are concerns about non-authenticated opportunistic encryption, but both Alternate Services and Opportunistic Encryption are optional features.

I Spy with the London Eye

In between meetings, there was time for some sight-seeing on a rainy afternoon:

clip_image002

And a fry-up with Stornoway black pudding:

clip_image004

What’s next?

The next implementable HTTP/2 draft is scheduled for late March 2014. As Mark Nottingham outlined on the HTTPbis mailing list:

The idea behind that is that, barring any major problems, that would be our last implementation draft, and we’d go to Working Group Last Call shortly thereafter.

Microsoft Open Technologies will update our Katana prototype implementation when the draft is published and continue interoperability testing.

The current schedule:

  • Proposed interim in Boston, June 5-6 2014
  • HTTPbis Working Group Last Call before IETF 90, June 2014
  • IETF 90, July 20-25 2014 in Toronto, Canada
  • IETF Last Call before IETF 91, August-September 2014

We will continue to attend the meetings. How can you help? Read the next implementable draft when it’s available and then write an implementation, participate in the technical discussions on the mailing list, or contribute to the HTTP/2 test framework.