2009年,Google提議HTTP協議的舉動引起了工業界的大討論。當時的概念叫做 SPDY,時至今日,雖然人們對於Google的動機始終不是很清楚,但是毫無疑問SPDY還沒有發現對手。
這周,這種情況也許會發生變化。像微軟之前統治世界的方式一樣(embrace + extend),他們現在正在着手一項奇怪的戰略,推進了一組IETF尚未發布的技術方案,微軟稱之為下一代HTTP。包括了多路復用多個組件(像SPDY)和一個全時加密的會話層(類似SPDY,但是不依賴於SSL或TLS)。extend 的則暗示了 WebSocket 的應用,一項為下一代Web應用提供的雙工通信標准。
網絡世界是否需要"S+M”?
微軟的介紹性文檔中包括下面這一段話:“HTTP at its core is a simple request-response protocol. The [IETF Network] working group has clearly stated that it is a goal to preserve the semantics of HTTP. Thus, we believe that the request-response nature of the HTTP protocol must be preserved. The core HTTP 2.0 protocol should focus on optimizing these HTTP semantics, while improving the transport via a new session layer. Additional capabilities that introduce new communication models like unrequested responses must be treated as an extension to the core protocol, and explored separately from the core protocol.”。
大意是,HTTP的核心是一個請求、應答協議。IETF工作組已經明確表明要保留HTTP的語義,因此我們相信HTTP中請求、應答的本質必須保留下來。HTTP2.0的核心應該聚焦在如何優化這些語義以及通過引入新的會話層來改進傳輸效率。其他的諸如引入非請求式應答這樣的新通訊方式等特性只能作為核心的擴展,與核心協議鮮明的區分開來。
幾乎所有的互聯網工程師都認為,通過引入包含多路和加密功能的會話層,能夠極大地提高Web互動的一致性,降低網絡傳輸的消耗。對於Google的SPDY提議,除了因為使用SSL而造成了的TLS部分大量的修改外,基本上沒有太多爭議。
如果WebSocket是瀏覽器陣營一直以來的工作目標,微軟在自己的HTTP2.0提案中加入WebSocket的內容究竟意欲何為呢?(下圖是微軟提議的示意圖)
上周的早些時候,微軟的一位受人尊敬的互動工程師Jean Paoli在一篇博客中指出“HTTP的Speed+Mobility提案起源自Google的SPDY以及業界已經完成的WebSockets基礎之上。SPDY在提醒人們注意Web的性能方面以及提升HTTP速度方面的努力令人尊敬,目前主要的問題在於如何使SPDY滿足移動設備和應用的需求。”。
有些內容被有意留空
微軟此次提案的其他部分看起來更像是一場辯論,而不是一份提案。例如:“There is no 'one size fits all' deployment of HTTP. For example, at times it may not be optimal to use compression in certain environments. For constrained sensors from the 'Internet of things' scenario, CPU resources may be at a premium. Having a high performance but flexible HTTP 2.0 solution will enable interoperability for a wider variety of scenarios. There also may be aspects of security that are not appropriate for all implementations. Encryption must be optional to allow HTTP 2.0 to meet certain scenarios and regulations.”。
關於加密會話層一直以來充滿了爭議,一些人認為他只應當被用在一些重要的事務上。如果對所有的事務進行加密,那么網絡上的嗅探者將毫無作為。微軟提議關掉這項特性,指出由此可以減少電力和時間的消耗。類似的爭論還有很多,比如人們認為HTTP協議不太適合在設備之間進行通訊,他們建議選用C/S的通訊方式,其中就有微軟。
微軟真的想促進HTTP協議的進步嗎?至少從歷史上來看不是這樣的。
HTTP 1.0's deficiencies and omissions are legendary, and its usefulness in the modern realm of Web applications has come only with substantive effort. The need to replace HTTP 1.0 was recognized by cooperating members of the IETF from the time the Web began.
But the first, best chance at upgrading HTTP with an object-oriented protocol geared toward apps came and went in 1999. HTTP-NG, as it was called at the time, ceased to be discussed not long after some of its creators were hired into Microsoft Research. A technology that would have enabled Web applications a full decade-and-a-half before the form factors for such apps were even fleshed out, stalled for lack of momentum - all in the interest of "open discussion." There's a danger here that Microsoft's move could cause the latest incarnation of HTTP 2.0 to suffer the same fate.
參考資料:
1、Is Microsoft Challenging Google on HTTP2.0 with WebSocket?
2、SPDY
3、WebSocket 百度百科
4、認識HTML5的WebSocket