The communications protocol that governs the way browsers surf the Web is about to get its first overhaul in 16 years. The update could help make the Web more secure and significantly faster. The new standard is called HTTP/2, and it's set to replace its predecessor HTTP, or Hypertext Transfer Protocol, which governs the way data are transferred between Web browsers and servers.
The updated version was formally approved by the Internet Engineering Task Force, according to a blog post by Mark Nottingham, chairman of the IETF, on Wednesday. The protocol will now be subject to a Request-for-Comment and revision period, after which it will be officially published by the IETF, Nottingham wrote on his blog. That should come as welcome news to myriad IT managers and anyone else concerned about Web security.
Faster Page Load Times
That is because the biggest development likely to come from the application of the new standard is better data encryption. The protocol that HTTP/2 replaces, HTTP 1.1, was first developed in the '90s. And as the number of cyberattacks that have made headlines recently have demonstrated, the standard has not kept up with the times.
HTTP/2 is based on another protocol called SPDY, developed and used by Google. Google had started working on a replacement protocol for HTTP as a way to counteract latency problems that lead to Web pages loading slowly. SPDY was designed to require less network resources when fulfilling a browser's data requests, freeing up resources and reducing load times.
The new protocol will use far fewer network connections, which should speed up the Web experience considerably. One of the main strategies HTTP/2 employs to achieve faster network speeds is "multiplexing," which allows several messages between the browser and server to be combined into a single network connection. That way, larger requests do not create a data bottleneck preventing smaller requests from being processed simultaneously.
Building a More Secure Internet
But even more important than the increase in network speed will be the enhanced security users will experience. Although HTTP/2 will not require Web sites to use TLS (a type of SSL encryption layer), the improved performance will make encryption much easier for browsers to implement.
That is because encryption layers can act as a drag on network performance. But by increasing network speeds overall, the developers of HTTP/2 are hoping that Web sites will have a greater incentive to implement TLS encryption, resulting in a more secure Internet overall.
Another major change from HTTP 1.1 is the shift from a textual protocol to a binary protocol. The change removes a significant amount of complexity from the way browsers and servers communicate with each other, which should provide fewer vulnerabilities for hackers to exploit.
Nonetheless, Nottingham warned that the new protocol is not a magic bullet for either faster page loads or Internet security.
"HTTP/2 isn't magic Web performance pixie dust; you can't drop it in and expect your page load times to decrease by 50%," he wrote on his blog. "It's more accurate to view the new protocol as removing some key impediments to performance; once browsers and servers learn how and when to take advantage of that, performance should start incrementally improving."
0 comments:
Post a Comment