HTTP/2 and HTTP/3 explained

HTTP/1.1 Pipelining and Middleboxes

  • Spec-wise, HTTP/1.1 allows sending multiple requests on one TCP connection before prior responses arrive.
  • Several commenters say this “never really worked” in practice: broken proxies, antivirus MITM, and middleboxes mangle or interleave responses.
  • Because of this, browsers largely abandoned pipelining despite theoretical correctness.

Head-of-Line Blocking, Multiplexing, and Performance

  • Clarification: in HTTP/1.1, you can send multiple requests but often must wait for earlier responses before later ones can be used.
  • Browsers cap concurrent TCP connections per origin (historically small, later around ~6–10), which can cause blocking.
  • Some argue HTTP/2’s single-connection multiplexing creates TCP-level head‑of‑line: packet loss on one stream can stall others.
  • Others counter that multiple HTTP/1.1 connections have their own downsides (handshakes, slow start, kernel limits).

HTTP/2 in Practice

  • Opinions split:
    • Positive: generally faster on typical connections; cleaner design (all metadata as headers, streams, HPACK); works well for RPC and many web workloads.
    • Negative: some report 5–25% worse mobile load times, especially with high latency/loss and interactive + lazy-loading use cases. Data is referenced but not shared, leading to accusations of anecdote vs. evidence.
  • Server push is widely viewed as a failed feature; major browsers removed it.

HTTP/3 / QUIC and UDP

  • HTTP/3/QUIC touted for unstable/mobile networks via connection migration and better handling of loss.
  • One commenter says HTTP/3 performs worse than HTTP/1.1 + satellite “PEP” on satellite links.
  • Concerns raised about QUIC’s DDoS implications over UDP and about proposals for “QUIC over TCP” as a sign of real‑world friction.
  • Discussion on why UDP is less optimized: hardware and OS TCP offloads (segmentation, coalescing) don’t translate cleanly to UDP.

Complexity vs. Benefits

  • Some argue if HTTP/2/3 are more complex and costly to implement than HTTP/1.1, they’re a mistake.
  • Others respond that complexity is justified when a small number of implementations serve billions of users, and that HTTP/3 effectively folds TCP+TLS+HTTP into one stack with similar overall complexity.
  • For app developers on modern cloud platforms, HTTP/3 can be “free” via managed load balancers.

TLS, CAs, and Longevity / Censorship

  • Strong disagreement about mandatory CA-based TLS for HTTP/3:
    • Pro side: insecure/plain or self‑signed deployments shouldn’t be exposed publicly; user safety and privacy outweigh convenience.
    • Contra side: CA dependence harms longevity (cert expiry, ACME fragility), centralizes power for censorship, and blocks simple personal sites; self‑signed or plain-text should remain possible (with warnings).
  • Debate over whether encryption is always needed for read‑only content; opponents raise surveillance in hostile jurisdictions as a reason it is.

Use Cases and “Who HTTP/2/3 Serve”

  • One commenter argues HTTP/2/3 mainly solve problems of ad‑heavy, multi-domain pages driven by large ad and CDN companies, not simple text retrieval.
  • They claim for single‑domain text fetching, HTTP/1.1 pipelining remains superior; others dispute this but provide no counter-benchmarks.
  • A small test of loading many images across browsers/HTTP versions shows differing parallelism and ordering, highlighting implementation variance.

Higher-Layer Multiplexing vs. SCTP

  • One unresolved question: why HTTP/2/3 multiplexing was done at the application layer (over TCP/UDP) instead of using SCTP directly.
  • The thread raises the question but offers no clear answer.