[pornel]

The big take-away from this is that "HTTP/2" is not the same thing everywhere. Quality of implementation matters. We didn't see so much variation in HTTP/1, because servers had almost no control, and clients were opening multiple connections, so even bad prioritization was hidden by TCP-level parallelism.

In HTTP/2 we've reached a good level of interoperability, but bolting on HTTP/2 on top of a server architected for HTTP/1 is not enough. We have room for optimizations and maturity.

[merb]

well h2 for development is really hard since basically you need to create a certificate, because no major browser implements h2 over plaintext. i mean a lot of people can live with that and just insert a development certificate into their trust chain, but some people do not understand that and others work in more restricted environments. so basically fully controlling and developing with h2 is basically not as easy as it was with http/1.

[pornel]

For server development the hard part is simulating realistic network conditions. For example, on localhost, you'll never witness any prioritization happening, because you'll never grow a queue of responses still waiting to be sent down.

[zamadatix]

Browser Dev tools pretty much cover that in one click these days.

[stereo]

Getting a valdid certificate with letsencrypt is, once you’re a tiny bit familiar with certbot, a matter of minutes.

[tlrobinson]

Has anyone just published a valid certificate for a domain name that resolves to 127.0.0.1?

[Ayesh]

For your own use, you can obtain a certificate via DNS validation, or by pointing your DNS A records to a server with a public IP.

When you publish the private key online, anyone can revoke the certificate, or the CA themselves will.