What does HackerNews think of http2-prioritization-issues?

Tracks issues / notes for HTTP/2 prioritization across browsers, CDNs and servers

I'm not an area expert, but common issues raised over the years:

- HTTP/2 as implemented by browsers requires HTTPS, and some people don't like HTTPS.

- HTTP/2 was "designed by a committee" and has: a lot of features and complexity; most of those features were never implemented by most of the servers/clients; most of those advanced features that were implemented were very naive "checkbox implementations" and/or buggy [0]; some were implemented and then turned out to be more harmful than useful, and got dropped (HTTP/2 push in browsers [1]) etc.

[0] https://github.com/andydavies/http2-prioritization-issues

[1] https://developer.chrome.com/blog/removing-push

The section on HTTP/2 is definitely out-of-date in some respects.

For starters, server push turned out to be very hard to use effectively, and in some situations could make things worse. It's been deprecated for awhile now, and last year Chrome effectively disabled it by always sending SETTINGS_ENABLE_PUSH = 0, which tells servers not to use it.

The HTTP/2 prioritization scheme was partly deprecated in RFC 9113. The browsers all have different interpretations, and Safari/Edge effectively don't use it. On top of that, many servers have TCP buffers that are too large to allow priority changes to work in time. RFC 9218 introduced simpler prioritization headers for HTTP/3, and it's been suggested as a backwards-compatible replacement for HTTP/2.

That's just in my area of expertise. There's probably more. It looks like a good book, but it seems it hasn't been updated in the decade since publishing.

Some links:

https://jakearchibald.com/2017/h2-push-tougher-than-i-though...

https://developer.chrome.com/blog/removing-push/

https://chromestatus.com/feature/6302414934114304

https://datatracker.ietf.org/doc/html/rfc9218

https://calendar.perfplanet.com/2022/http-3-prioritization-d...

https://blog.cloudflare.com/better-http-2-prioritization-for...

https://calendar.perfplanet.com/2018/http2-prioritization/

https://github.com/andydavies/http2-prioritization-issues

Just to add a few bits: I'm not an infra person so can't tell about managing a H2 deployment, but from frontend web performance perspective H2 is very interesting and somehow not used to its full potential.

H2 has built-in support for interesting concepts like prioritization and re-prioritization of requests. Unfortunately, most impls in clients and servers are either not full or not very good:

I recommend googling "http/2 prioritization" and checking blogs and talks from Andy Davies and Pat Meenan. The subject is super interesting and inherently hard; browsers need to make certain assumptions whether scripts, fonts or CSS are more important and should be prioritized and it's non-obvious how to handle it best.

https://github.com/andydavies/http2-prioritization-issues

https://medium.com/dev-channel/javascript-loading-priorities...

From a performance point of view, ECC certs are significantly smaller than RSA certs at a comparable level of security.

Smaller certs translate to fewer bytes going over the wire when doing TLS handshakes, reducing latency.

But it was really their lack of HTTP/2 push support and how their CDNs don't support H2 prioritization correctly[1] which annoyed me to the point of going back to Digital Ocean and running my own instance of H2o where I have full control.[2]

1. https://github.com/andydavies/http2-prioritization-issues

2. https://h2o.examp1e.net/configure/http2_directives.html#http...