
Announcing SPDY draft 2 implementation in nginx - lysol
http://mailman.nginx.org/pipermail/nginx-devel/2012-June/002343.html
======
seldo
This is a big deal, I think. Ten years from now we're going to look back and
discover that Google quietly replaced HTTP without anybody complaining, or
even noticing.

~~~
moonboots
I agree it's a big deal, but I wouldn't say people aren't noticing[1][2][3] or
complaining[4].

    
    
      [1] http://tools.ietf.org/html/draft-montenegro-httpbis-speed-mobility-01
      [2] http://lists.w3.org/Archives/Public/ietf-http-wg/2012AprJun/0498
      [3] http://www.mnot.net/blog/2012/03/31/whats_next_for_http
      [4] http://librelist.com/browser//mongrel2/2011/8/17/opinions-about-spdy/#e67f0aaa71f4af3f0663195b99217f80

~~~
seldo
I was thinking more in terms of the average-joe consumer, but then I guess the
average-joe consumer never knew what HTTP was anyway.

~~~
Danieru
Sure they do, it is that thing in front of the hard to type portion of urls.

------
mtgx
The other article on SPDY complained about it having SSL enabled by default.
Is that really something to complain about? Isn't it one of the good things
about it, because if SPDY gets adopted, it means everything becomes encrypted?
And isn't that a very desirable future?

~~~
e1ven
Having things encrypted is good, yes, but requiring people to get a
certificate means that the web has fewer chokepoints, which is bad.

IMHO, SSL ought to use a fingerprint-comparison check, instead of a central
cert. "This server has changed since last time. Is that OK?"

~~~
blaenk
What about the first time the user connects, how would they be assured that
the fingerprint really is the site's and not a man in the middle?

Honest question, myself being pretty new to cryptography.

~~~
e1ven
In theory, you could do an out-of-band comparison.

In practice, you'd generally accept that the first one you receive is valid,
and then watch for deviations from there.

This is the way SSH works, for instance.

------
chmod775
Wait. Did I just read that right? They want to emulate a packet (or frame)
based protocol on top of a stream protocol (TCP-Stream) which itself uses
packets? That adds umm... how many overhead? Lets count:

\- Data Link Layer (for instance Ethernet-Frames/Packets)

\- IPv4/IPv6 - Packets

\- TCP-Packets --> TCP-Stream

\- SPDY-Frames --> Multiple Streams

\- ( _Edit_ OK. Maybe not HTTP. Just insert here how they want to transmit the
headers)

That way we not only send more useless data. We also have to dis- and
reassemble everything twice.

Why not just extend the TCP-Protocol to support multiple streams? There's
still unused space in the header and we have the possibility add additional
options.

[http://en.wikipedia.org/wiki/Transmission_Control_Protocol#T...](http://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structure)

Am I missing something? I know that applications are not allowed to send raw
TCP-Packets on most OSes by default. But most servers run Linux, which could
be easily patched to support such additional features. (And webhosts will have
some work to support that new protocol anyways)

I don't get it.

Edit: SCTP may be a suitable replacement for TCP as mentioned in some other
comment.
[http://en.wikipedia.org/wiki/Stream_Control_Transmission_Pro...](http://en.wikipedia.org/wiki/Stream_Control_Transmission_Protocol)

~~~
X-Istence
SCTP requires OS support... putting SDPY on top of TCP/IP is just like any
other protocol and doesn't require adding an entire new protocol that will
have to be firewalled, will have to traverse across different devices that may
or may not have SCTP available (such as older consumer routers).

------
NiekvdMaas
For everyone who tries to build this: the URL to the patch file is
<http://nginx.org/patches/spdy/patch.spdy-35.txt>, and not the one mentioned
in the announcement.

~~~
newman314
It fails to build for me. Got a bunch of warnings being treated as errors.

gcc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Wunused-
function -Wunused-variable -Wunused-value -Werror -g -march=native -Ofast
-fomit-frame-pointer -fstack-protector -D_FORTIFY_SOURCE=2 -flto -fwhole-
program -fuse-linker-plugin -I src/core -I src/event -I src/event/modules -I
src/os/unix -I objs -I src/http -I src/http/modules \ -o
objs/src/http/ngx_http_spdy.o \ src/http/ngx_http_spdy.c

src/http/ngx_http_spdy.c: In function ‘ngx_http_init_spdy’:

src/http/ngx_http_spdy.c:261:34: error: variable ‘rc’ set but not used
[-Werror=unused-but-set-variable]

src/http/ngx_http_spdy.c: In function ‘ngx_http_spdy_process_ping’:

src/http/ngx_http_spdy.c:1512:35: error: variable ‘c’ set but not used
[-Werror=unused-but-set-variable]

src/http/ngx_http_spdy.c: In function ‘ngx_http_spdy_send_rst_stream’:

src/http/ngx_http_spdy.c:2552:35: error: variable ‘c’ set but not used
[-Werror=unused-but-set-variable] cc1: all warnings being treated as errors

I would point out that the -Werror is set by the vanilla version of nginx and
not a flag that I passed in.

~~~
VBart
Thanks, fixed. =) Try again: <http://nginx.org/patches/spdy/>
patch.spdy-36.txt or later revision.

~~~
newman314
LOL.

Thanks for the quick turnaround. I got distracted with something else right
after I posted this and didn't expect such a quick update.

In any case, -36 built just fine and I have verified that I now have SPDY on
the server.

FWIW, the format of using

listen 443 spdy; ssl on;

works just fine too.

------
Ralith
I hope SCTP[1] starts to take off soon as a transport for protocols like this,
so they don't have to keep working around the limitations of TCP.

[1] <http://en.wikipedia.org/wiki/SCTP>

~~~
gregr401
Date of the first RFC is from 2000. I wouldn't hold my breath. Besides, SPDY
enablement simply relies on browser / middleware updates changes which can
iterate quickly compared to networking gear that needs to support the protocol
shift. This was a large factor in building SPDY on top of an existing stack.

~~~
Zash
Look at how old IPv6 is, and how long it took to get people to start
deploying.

------
subleq
It was much easier to get this working than I thought it would be! Does anyone
know when this will be part of an official release?

