Http 2.0 will probably get built-in encryption

The chances are that the http 2.0, the successor to http 1.1, support for encryption using the tls built in as standard. That is not to say that http is as safe as https: possible, certificates are not checked, allowing man in the middle attacks remain possible.

At this time, is still working on the new version of the http protocol; or, is actually being selected for encryption, therefore, is not written down. According to the chairman of the http working group of the Internet Engineering Task Force is a large part of the community, however, in favour of the installation of encryption. That’s what he says compared to the Financial Times. The IETF is responsible for a large part of the standards and specifications on the internet, including the http specification.

How the standard encryption there you should go and see, is at this moment not yet decided. It is clear, however, that the http working group proposes that the client receives the power to establish a secure connection to enforce. At this time, only the server that. In the new situation, would then be obliged to encryption to offer, but it is not required to offer encryption to actually use. “If two parties through an open channel, want to communicate, should that be possible,” said the chairman of the working group, Mark Nottingham, at the end of last month at an IETF meeting in Berlin.

The http encryption would be next to https should exist, and encrypted pages would just be using the protocol identifier ‘http’ should be invoked. For encryption look at the writers of the new specification for tls, that also in https is being used. Differences with https, however, there are also: for example, Nottingham on the mailing list of the project for the certificates of encrypted http connections, not to verify. “That would be the roll-out to facilitate,” writes Nottingham, who, however, recalling that this further discussion should be.

If the certificate cannot be verified, does that mean, however, that man in the middle attack is still possible: the traffic is encrypted, but there can not be verified to whom the encrypted traffic is sent. However, the content of the communication is protected against eavesdropping, which, for example, users of public wi-fi hotspots are better protected.

The IETF has been working since the end of last year to the new version of the http specification. The new specification takes the Spdy specification of Google as a starting point, and should include the page load time will shorten and the parallel sending of content on a single connection. The standard should in 2014 be ready. The standard is being rolled out in addition to http 1.1; tentative is the current http-version has not yet been phased out. Given the ubiquity of http 1.1 will by default likely for many years after the roll-out of http 2.0 is supported by web browsers and servers.