There is so much open wifi nowadays that non-https should really start to be considered harmful. A large portion of website visitors are probably connecting via Starbucks, airport wifi, etc., which means their session cookies are basically public information. So even given the mass surveillance problems, non-https connections need to start being treated as Bad Practice and discouraged by the sysadmin community.
For context, this is the really-almost-final draft of HTTP/2. I would say speak now or forever hold your peace, but it's even too late for that.
I'm curious to see how transparent proxies handle all the crazy framing (will poor software corrupt the bytestream?) and if there will be a wave of exploits for both client and server implementations; the complexity and subtleties appear to be almost a magnitude higher than http/1.
Is there any particular reason why more work isn't being done on developing new protocols? It seems like given the past 20 years of the web there is clearly a need for a presentation protocol, a stateful application protocol, and a stateless application protocol. Seems like it makes more sense to separate them.
The accompanying HTTP header compression standard seems a lot more terrifying on the complexity scale, compared to Google's suggestion with SPDY of just dumping everything through zlib: http://tools.ietf.org/html/draft-ietf-httpbis-header-compression-09
Anyone have a link to an overview-type blog post of the changes? This is a tad foreign for a guy like me who has little experience of this layer of the OSI model.