HTTP Sir Tim Berners-Lee the father of the World Wide Web URI: Uniform Resource Identifier HTML: Hypertext Markup Language HTTP: Hypertext Transfer Protocol
without waiting for the answer over persistent connection • Idempotent methods only (GET, HEAD, PUT, DELETE) • Multiple Connections • Open multiple connections to same host to speed up retrieval of large numbers of objects • Maximum 6 connection for one origin to avoid DoS
over the World Wide Web • Changes • Textual protocols à binary protocols • Head-of-line blocking à multiplexed and prioritized streams • Concurrent multiple TCP connections à one TCP connection • Redundant HTTP Headers -> Header compression with HPACK • Security -> All browers support HTTP/2 only on TLS • Server Push
can be interleaved • All stream(sequence of frames)s are sent over single TCP connection • Streams have dependencies and weights to calculate the priorities • DATA frames are subject to per-stream and connection flow control
are force TLS • Mozilla Firefox and Google Chrome • Why? • To protect user’s privacy • To avoid the tyranny of the middleboxes • They are upgraded much slower than edges TCP/IP TLS HTTP/2 HTTP/2 Stack
in 2012 • TCP + TLS + HTTP/2 over UDP • Flow Control • Error Control • Congestion Control • In-order delivery per stream • To Prevent Ossification (경직화)
• Clients need fall back algorithms • CPU intensive (2x ~ 3x) • Lack of APIs of TLS library (OpenSSL) • ARQ limitation • Automatic Repeat Request à Forward error correction may help
GET in ASCII over TCP • HTTP/1.0 • Many extensions are adopted • One request per one connection • HTTP/1.1 • The first standard version • Persistent connection improved performance, but brought HTTP HOL • Many workarounds have been made over 18 years • HTTP/2 • Binary multiplexed over TCP resolves HTTP HOL ß SPDY • HTTP/3 • Binary over multiplexed QUIC resolve TCP HOL ß QUIC
https://blog.erratasec.com/2018/11/some-notes-about-http3.html • https://blog.codavel.com/2018/09/17/quic-vs-tcptls-and-why-quic-is- not-the-next-big-thing • QUIC: in Theory and Practice - Robin Marx | DeltaV 2018 • https://blog.codavel.com/2018/09/17/quic-vs-tcptls-and-why-quic-is- not-the-next-big-thing • https://github.com/quicwg • https://github.com/quicwg/base-drafts/wiki/Implementations