HTTP/2 finalised says IETF HTTP Working Group chair

[HEXUS]

The new protocol promises faster, less bandwidth sapping web browsing.

Read more.

[abaxas]

Easier to snoop on.... yay!

NOT.

[watercooled]

How do you work that one out? If anything, HTTP2 makes cryptography more accessible.

[abaxas]

It uses 1 tcpip connection instead of multiples ones.

Ie one less step in piecing it together.

[watercooled]

Thus making the whole system far more efficient. However it's still muxed at a higher level, and the single TCP stream is just coincidental as far as privacy is concerned - that's what cryptography is for at the end of the day.

If you're expecting parallel TCP connections to offer even a whiff of privacy you'll be sorely disappointed; reassembling streams is really quite trivial - it's what browsers and servers are doing all the time. Tools like Wireshark are quite good at it too. There's a chance some of the packets will find themselves on separate routes over longer connections but that's about it, and that still applies.

It doesn't even make it to storm in a teacup TBH, it's a complete non-issue.

[Tunnah]

Mate that is a massively uneducated statement and is nothing short of scare-mongering. HTTP/2 should be celebrated, please don't give people false ideas about security concerns you don't really know anything about

[crossy]

It uses 1 tcpip connection instead of multiples ones.
Ie one less step in piecing it together.

Yes, but on the flip side, they've moved to a binary format and added compression, which should mess up a casual sharking pretty well. Plus I've read elsewhere that the single TCP connection may make it easier to tunnel your session over a VPN, thereby adding encryption with less overhead and hassle.

[daddacool]

Firefox and IE only support HTTP/2 over TLS, and Chrome's support for HTTP/2 is not enabled by default.

Additionally hosting providers need to launch support for it at the server level. At the moment, neither Apache nor Nginx support HTTP/2.

Fairly long way off?