IETF 83 (Paris), HTTP/2.0, and Encryption

I attended IETF 83 in Paris this past week with my fellow Mozilla networking team member Patrick McManus. This was my first IETF meeting, and it won’t be my last given how productive and enjoyable it was.

Our primary goal was to participate in the HTTP(bis) working group, where we hope to standardize SPDY, possibly under the label HTTP/2.0. I learned quite a bit about how the IETF standards processes work and greatly enjoyed spending time with many of the people involved.

We’re excited about what SPDY has to offer in terms of security and performance. The HTTP/2.0 proposals based on alternatives to SPDY (or that deviated significantly) were interesting, but I’m still convinced that the solution we end up with should be based largely on SPDY. I can hardly imagine a proposal that better exemplifies “rough consensus and running code,” with plenty of data confirming its benefits.

I’m also more convinced than ever that encryption (e.g. TLS) should be a requirement in HTTP/2.0. This is the right thing to do for our users and there is now plenty of data available to debunk myths about unacceptable deployment costs. Mozilla has a strong history of standing up for user security and privacy and hopefully we’ll continue with that tradition by strongly opposing any solution that does not require encryption. Perhaps we should go so far as to decline to implement any non-encrypted solution that might be specified.