John Border Hughes Network Systems, LLC HTTP Workshop Summary John Border Hughes Network Systems, LLC

Workshop Info The HTTP Workshop was held during the last week of July in Münster, Germany Access to the agenda, attendee list, presentations used to foster discussion and a workshop report are available at the HTTP Workshop Wiki At the end, the output of the workshop was summarized as a list of HTTP Ideas Some of the observations are inferences on my part which may or may not be correct In general, I have not included information which can be found at either of the above two links

Observations1 Proxies Even though there was no backing off from the “everything should be encrypted end to end” positioning, there was definite (if somewhat grudging by some people) acknowledgement that proxies have a legitimate role to play The need to do things in the middle came up repeatedly from certain areas although, in the end, caching was the only application for a which a possible solution was actually discussed at the workshop

Observations2 Proxies (cont.) The idea of a secure proxy was oxymoronic to some of the participants In their view Security must always be end to end It should be possible to address many of the features currently implemented in the middle at the end points When that is not possible, only solutions which do not involve trusting the proxy are acceptable (e.g. blind caching) Not clear how they reconcile the above with legal intercept types of requirements

Observations3 HTTP Versions I cannot find my notes on who said it, (definitely not Google or Mozilla,) but at least one browser vendor is planning on implementing H2C (HTTP/2 in the clear) While not a slam dunk, there is a lot of interest in taking HTTP/3 towards a UDP QUIC-like solution Akamai has started working on a QUIC implementation to at least play with According to Mark Nottingham, new (“powerful”) features coming from W3C will all required HTTPS Firefox will eventually deprecate HTTP for all new features