This is a big deal, I think. Ten years from now we're going to look back and discover that Google quietly replaced HTTP without anybody complaining, or even noticing.
It won't replace HTTP 1.1, since billions of small sites without SSL certificates can't use it.
It might replace HTTP 1.1 if SSL certificates becomes free, automaticly generated, installed and renewed.
Otherwise most small websites (the majority of web sites on the net) without any real need for the security provided by encrypted communications (SSL) won't bother dealing with a ton of hassle (or costs) of SSL just for a minor speed improvement.
Free SSL certificates already exist, accepted by all major browsers: https://www.startssl.com/ . Does having to visit that site once a year to renew a certificate really pose a hardship?
But how do you do that? You'd have to have a non-https based landing page and then redirect to spdy based on user agent. If you actually care about SSL, the non-SSL landing page is an attack vector.
You could serve up HSTS records via http, which IE on XP doesn't support either. That'll ensure that all of your repeat visitors use https directly.
Also, many sites still serve up their unauthenticated homepages via http only, and such sites should have no problem checking for IE on XP and providing a link that'll work.
Depending on the nature of your traffic and how it arrives (e.g. via integration with third-party sites via scripts you've written), you might also have the opportunity to provide the appropriate fallback links to users before they ever reach your site for the first time.
And all of the above assumes you have enough IE-on-XP users to not just write them off entirely.
The other article on SPDY complained about it having SSL enabled by default. Is that really something to complain about? Isn't it one of the good things about it, because if SPDY gets adopted, it means everything becomes encrypted? And isn't that a very desirable future?
Wait. Did I just read that right?
They want to emulate a packet (or frame) based protocol on top of a stream protocol (TCP-Stream)
which itself uses packets? That adds umm... how many overhead? Lets count:
- Data Link Layer (for instance Ethernet-Frames/Packets)
- IPv4/IPv6 - Packets
- TCP-Packets --> TCP-Stream
- SPDY-Frames --> Multiple Streams
- (Edit OK. Maybe not HTTP. Just insert here how they want to transmit the headers)
That way we not only send more useless data. We also have to dis- and reassemble everything twice.
Why not just extend the TCP-Protocol to support multiple streams? There's still unused space in the header
and we have the possibility add additional options.
Am I missing something?
I know that applications are not allowed to send raw TCP-Packets on most OSes by default. But most servers
run Linux, which could be easily patched to support such additional features. (And webhosts will have some work
to support that new protocol anyways)
SCTP requires OS support... putting SDPY on top of TCP/IP is just like any other protocol and doesn't require adding an entire new protocol that will have to be firewalled, will have to traverse across different devices that may or may not have SCTP available (such as older consumer routers).
Warnings are compiler version dependent (and even optimization level dependent, surprisingly). It looks like that one was introduced by gcc 4.6, so perhaps the author of the patch was using a different version.
Chrome builds with -Werror on by default but, because of the above reason, recommends any person attempting to build it to turn it off (and provides a flag to do as much).
Date of the first RFC is from 2000. I wouldn't hold my breath. Besides, SPDY enablement simply relies on browser / middleware updates changes which can iterate quickly compared to networking gear that needs to support the protocol shift. This was a large factor in building SPDY on top of an existing stack.
