Hacker News new | ask | show | jobs
by Matthias247 2260 days ago
> Most of the benefits that HTTP/2 brings to the table require a new model that doesn't map cleanly to the traditional request/response lifecycle

This is not true. The only HTTP/2 feature that doesn't fit into the traditional HTTP semantics is PUSH. And even that is the request/response model - the only difference is that the request is injected also from the server side and not being received from the client. We just pretend we would have received such a request from the client, send the response towards the client, and hope the client won't reject it.
1 comments
labawi 2260 days ago
0-RTT requests mess with the traditional lifecycle and have security implications that many won't handle safely.
link
Matthias247 2260 days ago
0-RTT requests certainly have security implications. However they are not part of HTTP/2, but of TLS1.3 (and QUIC). They are orthogonal concerns, even though it's a valid layering concern: We have a transport layer concern leaking up into the HTTP layer - whether it's HTTP/1.1, /2 or /3.

Also 0-RTT requests still follow the request/response model.

link