HTTP/2 Finalized

An anonymous reader writes: Mark Nottingham, chair of the IETF HTTP working group, has announced that the HTTP/2 specification is done. It's on its way to the RFC Editor, along with the HPACK specification, where it'll be cleaned up and published. "The new standard brings a number of benefits to one of the Web's core technologies, such as faster page loads, longer-lived connections, more items arriving sooner and server push. HTTP/2 uses the same HTTP APIs that developers are familiar with, but offers a number of new features they can adopt. One notable change is that HTTP requests will be 'cheaper' to make. ... With HTTP/2, a new multiplexing feature allows lots of requests to be delivered at the same time, so the page load isn't blocked." Here's the HTTP/2 FAQ, and we recently talked about some common criticisms of the spec.

IE once again kills innovation

[Billly+Gates]

MS will only support this in Spartan on Windows 10. Which means 7 and XP are already out of support.

Re:IE once again kills innovation

Incorrect; HTTP/2 is also supported in the classic IE 11 on Windows 10. In fact, we are having trouble with it already in the current Technical Preview 2 of Windows 10 that does not contain Spartan (some sites don't negotiate it correctly and take over 30 seconds to load until you turn off HTTP/2 in the browser). Of course, the current build is using draft-14 of the spec as are most other implementations today (some are on draft-16).

However, you are correct that IE 11 on Windows 7 is not going to support HTTP/2. That makes sense, because Windows 7 has exited standard support and entered extended support which means security patches only from here on out. But, you can use Chrome on Windows 7 which will be supporting HTTP/2 shortly.

Re:IE once again kills innovation

[DarkOx]

Which will mean one of three things:

1) HTTP/2 will not be used in the wild for anything important. Due to the sheer number of Win7/8 machines out there with IE versions that don't support it.

2) Users on windows will move away from IE. Once people leave they don't typically come back so IE will eventually become an also ran.

3) Microsoft will fear loosing to much browser market share, will back pedal and backport spartan.

Re:IE once again kills innovation

[QuasiSteve]

4) People enable it on their servers and those with browsers that do support it enjoy the benefits (and possibly some of the side-effects) that it brings, while everybody else will either chug along on HTTP/1.1 or even HTTP/1.0, or switch to a browser that does support HTTP/2, and whether or not older versions of IE support it remains a non-issue.

Re: IE once again kills innovation

[rkcth]

It's hard to take your knowledge in this matter seriously, since you call it HTML/2.

Re:IE once again kills innovation

[Richard_at_work]

3) Microsoft will fear loosing to much browser market share, will back pedal and backport spartan.

Didn't work for DirectX, don't think it will work for this.

Re:IE once again kills innovation

[rock_climbing_guy]

As a web developer, I can only imagine how much more pleasant my work would be if I asked my customer, "What versions of IE does this application need to support?" and the response was, "IE? What's IE?"

Re:IE once again kills innovation

[93+Escort+Wagon]

If people do "switch to a browser that does support http/2", it will be for some other reason unrelated to the protocol - getting http/2 support will be serendipitous. Very few people other than tech heads are going to care about the protocol, one way or the other... they won't even be aware of it.

Re:IE once again kills innovation

[DarkOx]

The masses will switch as soon as they see "Did you know Facebook could be faster --> Click Here ---"

Re:IE once again kills innovation

[DarkOx]

The web is a different place than it used to be. Let me take you back to 199[345].

There were four kinds of Internet Users:

Group 1)
Has just arrived at your GeoCities page with its "optimized for Netscape" banner after following several webring links. They had only recently finished unboxing their Packard Bell and working out the relationship between the mouse and the cursor.

The were sitting in front of Windows 3.1x feeling a mix of awe and pride in their AOL dialing skills and terror they might some how break this machine having just spent nearly a months salary on it, because the kids teacher said they should get a PC. They were not about to download anything let alone install it. They still had the sakes from last time they tried something like that, and continue to wonder who this Gen. Protection Fault is and what he did to their computer.

Group 2)
Were practically experts by today's standards. They maybe had a 286 from a few years back and remembered some DOS commands. This and their command of cutting and pasting into notepad from "View Source" in Navigator has enabled them FTP their very own page to GeoCities that folks in group 1 are now viewing.

Group 3)
Has some professional or academic experience using a platform other than DOS and Netware. They are already frustrated back the lack of development the X11R2 edition of Navigator is seeing. Its fine they because all the stuff they think is really worth while is still available via BBS, and someone was good enough to install Lynx and internet gateway in case they do want to look at GeoCities. They had formed their opinion about what browser was good an proper and nothing was going to make them change, EVER.

Group 4)
Mac users, this group was small and mostly ashamed of themselves during this period. They clung to the belief their shitty platform was in someway superior to Microsoft's shitty platform running on Packard Bell (it wasn't). They really did not having anything to choose from besides Netscape, no matter what the banners indicated and they knew it.

In short things were nothing like today; well actually group 3 hasn't change much. Groups 1 and 2 merged; but the fear is gone. These people will run anything now. Ask them to put their password in so they can run NoIreallyAmATrojanLookingToStealYourOnlineBankingPassword.exe and they probably will if you promise them some extra Facebook likes on their posts or something.

Group 4) Is all self assured again. Some group 3 folks are joining them, although they still don't really mix at parties.

Heaven forbid! Actual news for nerds on Slashdot!

[Xharlie]

The post even has counter-arguments and links to stuff. Are the 90's back again? Do I hear rave music, modem hand-shake tones and browser wars?

(binary protocol)--

[jjn1056]

I'm really going to miss being able to telnet to a server and troubleshoot using plain text. Feels like a lot of simple has disappeared from the internet

Re:(binary protocol)--

[Lennie]

I'm really going to miss being able to telnet to a server and troubleshoot using plain text. Feels like a lot of simple has disappeared from the internet

Yes, HTTP/2 is a multipllexing binary framing layer, but it has all the same semantics of HTTP/1.x on top.

HTTP/2 is 'just' an optimization. So if your webserver supports HTTP/1.x and HTTP/2 then you can still use telnet to check whatever you want and it should give the same result as HTTP/2.

But you also have to remember:
The IETF which is the group of people who design the Internet protocol made this statement:
https://www.iab.org/2014/11/14...

"Newly designed protocols should prefer encryption to cleartext operation."

The W3C made a similar statement, there are also drafts with the intention to moving to HTTPS by default.

So it is all moving to TLS protocols like HTTPS or STARTTLS for SMTP anyway. Those are clearly not text protocol either.

So even if you want to interact with the text protocol used inside that TLS-encrypted connection, you'll need to use a tool because netcat or telnet won't cut it.

Let's look at HTTP, because this is a HTTP/2 article.

That tool could be the openssl s_client, but as you can see that is kind of cumbersome:
echo -en "HEAD / HTTP/1.1\nHost: slashdot.org\nConnection: close\n\n" | openssl s_client -ign_eof -host slashdot.org -port 443 -servername slashdot.org

But I suggest you just use:
curl -I https://slashdot.org/

The main developer for cURL works for Mozilla these days and is one of the people working on the HTTP/2 implementation in Firefox and is writing a document explaining HTTP/2: http://daniel.haxx.se/http2/
So as you would expect Curl supports HTTP/2:
https://github.com/http2/http2...

Basically every browser include 'developer tools' which will also let you see the headers and everything else you are used from HTTP/1.x.

I would rather see we all move to using encrypted protocols then that we can still use telnet.

Great if optimizing the wrong thing is your thing

Web pages being slow has nothing to do with HTTP and all to do with bloat eating every bit of performance that is available to the marketers who are in charge of the web now. A binary protocol to save a couple of bytes in times where every web page loads at least three "analytics" scripts weighing dozens of kbytes each. Marketing rots the brain.

Not really happy

[Aethedor]

As the author of an open source webserver, I must say that I'm not really happy with HTTP/2. It adds a lot of extra complexity to the server side of the protocol. And all sorts of ugly and nasty things in HTTP/1 (too much work to go into that right now) have not been fixed.

What I have experienced is that SPDY (and therefor also HTTP/2) will only offer more speed if you are Google or are like Google. Multiplexing doesn't offer that much speed increase as some people would like you to believe. Often, the content of a website is located on multiple systems (pictures, advertisements, etc), which still requires that the browser uses more than one connection, even with HTTP/2. Also, HTTP/1 already allows a browser to send multiple requests without waiting for the response of the previous request. This is called request pipelining, but is turned off by default in most browsers. What I also often see is that a browser makes a first request (often for a CGI script) and the following requests (for the images, JS, CSS, etc) are never made due to browser caching. So, to me HTTP/2 adds a lot of complexity with almost no benefits in return.

Then why do we have HTTP/2? Well, because it's good for Google. They have all the content for their websites on their own servers. Because IETF failed to come up with a HTTP/2 proposal, a commercial company (Google in this case) used that to take control. HTTP/2 is in fact a protocol by Google, for Google.

In my experience, you are far better off with smart caching. With that, you will be able to get far better speed-increase results than HTTP/2 will ever offer. Specially if you use a framework that communicates directly with the webserver about this (like I did with my PHP framework). You will be able to get hundreds to thousands requests per second for a CGI script instead of a few tens of requests. This is a speed increase that HTTP/2 will never offer.

I think this is a failed change to do it right. HTTP is just like SMTP and FTP one of those ancient protocols. In the last 20 years, a lot has changed. HTTP/1 worked fine for those years. But for where the internet is headed, we need something new. Something completely new and not a HTTP/1 patch.

Re:Not really happy

[Marginal+Coward]

Then why do we have HTTP/2? Well, because it's good for Google....HTTP/2 is in fact a protocol by Google, for Google.

Those are interesting points, but I don't understand why Google would ever be able to hijack a standard like this when there are plenty of other big players such as Microsoft, Facebook, and Amazon to counteract their Machiavellian schemes. I could believe that HTTP/2 might benefit big organizations more than a typical little guy like me who uses shared web hosting (and not even a CDN), but is there something about HTTP/2 that uniquely favors Google over all the other big players?

Re:Not really happy

[higuita]

And for the http/1.1 pipeline, it simple don't work... 90% of the sites can work with it, but others fail and fail badly... the page take forever to load, waiting for resources that were asked but never received. all browsers tried to enabled it and all had to revert it due to the (few but important) problems founds that are impossible to solve without a huge whitelist/blacklist of servers (impossible to really implement and a pain for all those important and old internal servers)

So the 2 major issues that http/2 want to solve are really the tls slow start and a working pipeline... By announcing http/2, a browser knows that this things do work and are safe to use, no more guessing games and workarounds for bad servers.

Re:Not really happy

[raxx7]

You might be happier if you researched why HTTP pipelining is off in most browsers and what problem it actually wants to solve.

First, HTTP/1.1 pipelining and HTTP/2.0 are not about increasing the number of request your server can handle. It's mainly about reducing the effect of round trip latency in page loading times, which is significant.
If a browser is fetching a simple page with 10 tiny elements (or even cached elements subject to conditional GET) but the server round trip latency is 100 ms, then it will take over 1 second to load the page.

HTTP was a first attempt to solve this problem, by allowing the server to send multiple requests over the connection without waiting for the earlier requests to complete.
If you can pipeline N requests, the round trip latency contribution is divided by N.
However, HTTP/1.1 pipelining has two issues which led most browsers to disable it by default (it's not because they enjoy implementing features not be used):
- There are or were a number of broken servers which do not handle pipelining correctly.
- HTTP/1.1 pipelining is subject to head of line blocking: the server serves the requests in order and a small/fast request may have to wait inline behind a larger/slow request.

Instead, browsers make multiple parallel requests to each server.
However, because some servers (eg, Apache) have problems with large numbers of requests so browsers use arbitrary low limits (eg, 4-8 parallel requests per hostname).

HTTP/2.0 attempts to solve these shortcomings by:
a) being new, hopefully without broken servers out there
b) using multiplexing, allowing the server to serve the requests in whatever order. Thus, no head-of-line blocking.

So. HTTP/2.0 is, fundamentally, HTTP/1.1 pipelining without these shortcomings. We hope.

Re:Not really happy

[raxx7]

What happened to HTTP/1.1 pipelining is fortunately not a common case: popular webserver breaks the standard and doesn't get fixed, making the standard de facto useless. While it's not impossible for the same to happen with HTTP/2.0, this type of situation is more the exception than the norm.
All popular webservers today strive for a good degree of standard compliance.

But, maybe as importantly, as pointed out before, that was not the only problem with HTTP/1.1 pipelining. You also have the head of line blocking problem, which is a fundamental design problem.
This reduced the case to enable HTTP/1.1 pipelining in the browsers and to fix the broken server software.

Re:Not really happy

- There are or were a number of broken servers which do not handle pipelining correctly.

Wrong, there are so few servers that are broken that neither Mozilla nor Google could determine what software was broken. The "unknown" broken software was possibly malware or antivirus. Today pipelining works fine. It's disabled because Google rushed SPDY out to preempt pipelining from being turned on.

b) using multiplexing, allowing the server to serve the requests in whatever order. Thus, no head-of-line blocking.

Also wrong. Using multiple connections is faster when there is packet loss, because only one connection's bandwidth is slowed down by a lost packet and the others proceed normally. Head of line blocking and multiple connections makes pages load faster in these cases because data is sent over connections that aren't slowed. With HTTP/2 you have the whole page being sent over 1 TCP connection and if it slows down from packet loss then the entire page loads slowly.

Furthermore, "head of line" describes the order that resources are delivered, in order instead of interleaved. The same amount of data has to be transferred, and pages delivered that way can render both faster or slower. Interleaved is far more complicated and there's no guarantee that it causes pages to render more quickly.

Don't just parrot these unsupported claims that Google makes. They don't post the data from their research and only give talking points for a reason: because it doesn't fit their agenda to push this protocol.

Re:Not really happy

[rjstanford]

4 000 000 000 is 10 characters once the whitespace is stripped out. Roughly the same number in HEX is FF FF FF FF, a saving of 20%

You're kidding, right? The number 4 billion can be represented in 32 bits, or the same total space as 4 ASCII characters.

Re:Not really happy

[bill_mcgonigle]

What I have experienced is that SPDY (and therefor also HTTP/2) will only offer more speed if you are Google or are like Google.

This is so worn out it's even in the FAQ.

Multiplexing doesn't offer that much speed increase as some people would like you to believe.

It's good for every high-latency connection, like all the small sites have. I run a server on a VM on a generic Xeon box behind a DSL line, four hops from a backbone, for security and privacy reasons. It'll be great for my use case - I can't really compete with the big guys for responsiveness the way it is now.

Often, the content of a website is located on multiple systems (pictures, advertisements, etc), which still requires that the browser uses more than one connection, even with HTTP/2.

So, every one of those requests will be faster.

Also, HTTP/1 already allows a browser to send multiple requests without waiting for the response of the previous request. This is called request pipelining

Pipelining and multiplexing are different.

So, to me HTTP/2 adds a lot of complexity with almost no benefits in return.

So, don't add HTTP/2 support to your server - if nobody leaves then nobody wanted it. HTTP/1.1 will be supported for the next two decades.

Then why do we have HTTP/2? Well, because it's good for Google. They have all the content for their websites on their own servers.

Install Status4Evar - you'll see Google sites constantly jumping across all their domains, stalling on many of them.

Because IETF failed to come up with a HTTP/2 proposal, a commercial company (Google in this case) used that to take control. HTTP/2 is in fact a protocol by Google, for Google.

That just happens to help everybody else. Your critique of IETF's failure of leadership is quite valid, though. People have been hacking around HTTP/1.1's problems for the past 17 years and if Google hadn't done SPDY, we'd still be in that situation.

In my experience, you are far better off with smart caching. With that, you will be able to get far better speed-increase results than HTTP/2 will ever offer.

Agreed wholeheartedly! Nobody is arguing for not optimizing each layer of the stack. Proper caching can yield whole-number multipliers for responsiveness, not just mere percentages like HTTP/2!

In the last 20 years, a lot has changed. HTTP/1 worked fine for those years.

Read up on so many of the tricks browsers and servers (especially CDN ops) do to make HTTP/1.1 usable. These hacks are what inspired some of the SPDY changes, by people knee-deep in those hacks.

But for where the internet is headed, we need something new. Something completely new and not a HTTP/1 patch.

That would be great too. Do you have a proposal? Incremental approaches are usually easier to find acceptance for because they're more clearly understood and carry less risk of unexpected consequences.

From the draft...

[johnnys]

"HTTP/2... also introduces unsolicited push of representations from servers to clients."

Seriously? Do we need yet ANOTHER way for a server to push unwanted code and malware onto our client systems? This is the greatest gift we could POSSIBLY give to the cybercriminals who want to break into our systems.

How about we think of security somewhere in this process, instead of pretending it's someone elses's problem?

Re:From the draft...

[mangobrain]

I think you misunderstand what is going on here. Server push is basically a way for sites to pre-populate a browser's cache, by sending it suggested requests for things it doesn't yet know it will need ("push promises"), and the responses to said requests (the pushes themselves). If the server pushes responses to requests that the client never actually ends up making - not even to the extent of pulling the data from its local cache - then the pushed data will never be processed.

Unless you are sitting on an unpublished proof-of-concept, the only malicious use I can see is filling up the cache of a poorly written browser with nonsense. This is already feasible with HTTP/1.x via any number of means.

To inject unsolicited, *processed* (as opposed to cached then ignored) data into a browser using HTTP/2 server push, an attacker would also need to control some resource which the client has already requested, and manipulate it in a way which results in the client needing to load the pushed resource. I don't see how this is any less onerous for an attacker than hijacking an HTTP/1.x resource: that initial hijacking, be it by XSS, rooting the server or any other already-extant method, must still be performed. In fact using HTTP/2 push arguably complicates things, since being able to inject the push itself implies either complete control over the server, or a hijack of the entire session!

Sure, the implementation of the feature itself in any particular HTTP/2 stack could be buggy, but so could anything else.

Re:From the draft...

[swillden]

"HTTP/2... also introduces unsolicited push of representations from servers to clients."

Seriously? Do we need yet ANOTHER way for a server to push unwanted code and malware onto our client systems?

Yes, we do.

What you're missing here is that this is pushing content that the browser was going to request in a few hundred milliseconds anyway. Why was the browser going to request it? Because the web page included a link to it.

The only way this change could affect security is if you assume a threat model where the attacker is able to modify the web server to get it to push additional content to the browser but is somehow unable to modify the content the server is already pushing anyway. If the attacker can do the latter, he can simply insert links to his additional content and the browser will obediently request them. If we think that this thread model is a risk worth mitigating, the solution is trivial: Browsers should accept pushed content but not begin to parse it until it's referenced from the page or whatever.

Actually, it's pretty unclear what browsers would even do with such pushed content until they'd found it referenced. It would have an attached content type, but most of the time what to do with content depends pretty heavily on the context -- and browsers are generally (rightly) skeptical of content type labels anyway.

This is the greatest gift we could POSSIBLY give to the cybercriminals who want to break into our systems.

Well that's a nice bit of hyperbole. It contains no truth, though.

How about we think of security somewhere in this process, instead of pretending it's someone elses's problem?

How about we understand what's actually going on, before blowing our stack?

Re:Great if optimizing the wrong thing is your thi

[Dagger2]

The main problem isn't the size of the stuff that gets loaded. What's dozens of kb these days? Even a megabyte takes a tenth of a second to transfer on my connection. The problem is latency: it takes more than 100ms for that megabyte of data to even start flowing, let alone get up to speed. That's what the multiplexing is intended to deal with.

That said, the root cause of all this is the sheer amount of unnecessary stuff on pages these days. Fancy multiplexing or not, no request can finish faster than the one that's never made.

Slashdot

[ledow]

While we're discussing HTTP, what's wrong with Slashdot lately?

I keep getting timeouts, signed out, nothing but the front page, everything else loaded from a CDN (that just gives me browser security warnings because it's not coming up as slashdot.org), etc.

Are you guys under attack, or just unable to keep a site with ~100 comments per article up?

Re:Slashdot

[sysrammer]

Remember when getting Slashdotted meant that *another* site had problems?

Please run spellcheck this time

[master_kaos]

So you don't having something like HTTP_REFERER again

Re:Great if optimizing the wrong thing is your thi

[Bengie]

It's a bandwidth vs latency issue. HTTP1/1.1 is more latency sensitive, HTTP2 helps high latency. You say that pages load slowly because they're so large, yet these large bloated web pages consume nearly no bandwidth. HTTP2 multiplexing allows async requests and preemptive pushing of data, which should allow better usage of bandwidth. Fewer connections will also allow for quicker TCP relieve window ramp up and reduce the thundering hurd issue that many connections over a congested link creates.

Let's see if HTTP/2 is adopted faster than IPv6.

[codealot]

Existing standards that are "good enough" tend to be hard to replace.

Re: Slashdot is dead!

"It'll" is a contraction, not slang, you fucking nitwit.

Pay per bit still exists

[tepples]

What's dozens of kb these days? Even a megabyte takes a tenth of a second to transfer on my connection.

Which means you could burn through a 5 GB/mo cap in less than 9 minutes.[1]

Cellular ISPs in the United States charge a cent or more for each megabyte. Satellite and rural DSL ISPs tend to charge half a cent per megabyte.[2] This means cost-conscious users will have to either install ad blockers or just do without sites that put this "sheer amount of unnecessary stuff on pages".

[1] 5000 MB/mo * 0.1 s/MB * 1 min/60 s = 8.3 min/mo
[2] Sources: major cell carriers' web sites; Exede.com; Slashdot/a

Re:Heaven forbid! Actual news for nerds on Slashdo

[PhrostyMcByte]

Natalie Portman, get your grits ready!

Re:Great if optimizing the wrong thing is your thi

[AFCArchvile]

Most of that bloat you speak of is delivered via Javascript. A few weeks ago, I finally put my foot down and made my default browser Firefox with NoScript. I have a (very) small list of sites allowed to execute scripts, and most of the time I will browse a website in its broken state, since I can still see all the text and images. It even foils the news websites that use Javascript to "faux-paywall" their content behind canvases, as opposed to only sending part of the story content from the server (I'm still shaking my head as to who on the business side thought this was a good business stance since one can still read most of the articles for free, but that's another discussion entirely). But lo and behold, once I started a staunch NoScript policy, page loads completed much faster, cookie sprawl was reduced, and Firefox's memory usage stayed relatively low. I also started to learn which scripts from which servers were truly allowed for things like externally-served comment systems (disqus, etc.), and also noticed the way that some webpages end up triggering a cascading dependency of server connections due to scripts calling scripts on other servers, etc.

One of the worst instances of cascading Javascript sprawl that I've seen was a page from The Verge, with 33 domains allowed (including theverge.com) executing 133 scripts. The SBNation "eulogy for RadioShack" article had the "script counter" go over 160. Oh, and that's leaving out web fonts, which NoScript also blocks (which also reveals how often some websites use custom fonts to draw vector-based icons; you can see the Unicode codes for each character since the font isn't loaded). Vox seems to love abusing Javascript in their designs; it's most of the reason why I've abandoned reading Polygon (the other reasons being the banal editorial content, aside from a few notable articles). In comparison, Slashdot is currently asking for 21 scripts, but is running perfectly fine without any Javascript enabled (despite nagging here and there).

I've ended up moving YouTube browsing to Pale Moon, since it natively supports the HTML5 player without issues. I may end up moving all of my browsing to Pale Moon with NoScript, since it natively supports a status bar.

The whole situation with the Javascript bloat reminds me of the scene from Spaceballs where Lonestar tells Princess Vespa, "Take ONLY what you NEED to SURVIVE." We're stuck with a bunch of prima donna web designers who want to duct tape on more adverspamming and social spying avenues to their website, and not standing back and taking a look at how bad it's impacting the user experience, not to mention the bloat from the hundreds of extra scripts and objects loaded by the browser, as well as the tens of connections to third-party servers.

Re:Great if optimizing the wrong thing is your thi

[websitebroke]

Which is how we'll know who to put up against the wall and shoot.

And don't forget...

[DocHoncho]

...to pay your $699 licensing fee you cock-smoking teabaggers.

Re:Great if optimizing the wrong thing is your thi

[Dagger2]

No... maybe. It depends.

Amdahl's law is in full force here. There comes a point where increasing the bandwidth of an internet connection doesn't make pages load faster, because the page load time is dominated by the time spent setting up connections and requests (i.e. the latency). Each TCP connection needs to do a TCP handshake (one round trip), and then each HTTP request adds another round trip. Also, all new connections need to go through TCP window scaling, which means the connection will be slow for a few more round trips. Keep-alive connections help a bit by keeping TCP connections alive, but 74% of HTTP connections only handle a single transaction, so they don't help a great deal.

Oh! by the way, not everybody's connection is like yours, specially over mobile networks.

Mobile networks (and, yes, satellite) tend to have high latency, so round-trips are even more of the problem there. Also... when people shop for internet connections, they tend to concentrate on the megabits, and not give a damn about any other quality metrics. So that's what ISPs tend to concentrate on too. You'll see them announce 5x faster speeds, XYZ megabits!!, yet they don't even monitor latency on their lines. And even if your ISP had 0ms latency, there's still the latency from them to the final server (Amdahl's law rearing its ugly head again).

Given all that, I think I'm justified in saying that the main problem with page loading times isn't the amount of data but the number of round-trips required to fetch it. Reducing the amount of data is less important than reducing the number of, or impact of, the round-trips involved. And that's the main problem that HTTP/2 is trying to address with its fancy binary multiplexing.

(Now, if your connection is a 56k modem with 2ms latency, then feel free to ignore me. HTTP/2 isn't going to help you much.)