Published Sep 3, 2019

SE-Radio-Episode-232:-Mark-Nottingham-on-HTTP/2

Mark Nottingham delves into the evolution of web protocols with a focus on HTTP/2, detailing its advancements in security, from enhanced encryption to performance-boosting innovations like multiplexing and binary protocols, aiming to revolutionize web communication.
Episode Highlights
Software Engineering Radio - the podcast for professional software developers logo

Popular Clips

Episode Highlights

  • Security Evolution

    The evolution of web security has been significantly influenced by protocols like SPDY and HTTP/2. highlights how SPDY initially used TLS to enhance interoperability and security, addressing vulnerabilities such as the Firesheep attack, which exposed user credentials in public networks 1. He notes, "We've been doing work in other places to try and improve the quality of encryption on the web," emphasizing the ongoing efforts to secure web communications 2. These protocols not only aimed to improve performance but also to serve as a catalyst for widespread encryption adoption.

       

    Encryption Hurdles

    The push for mandatory encryption in HTTP/2 faced several hurdles, including technical and consensus challenges. Mark explains that while there was a strong desire to require HTTPS for HTTP/2, consensus was difficult due to its varied use cases, such as backend systems and APIs 3. He reflects on the pragmatic decision to let the market decide, stating, "I personally would have loved to have seen it become encrypted only" 3. Despite these challenges, efforts to improve encryption continue, with mechanisms like ALPN and alternative services being developed to facilitate secure connections 2.

Related Episodes