OMG really? Do we want to make HTTP even bigger? Don't we want to dump it for good and look for something more suitable to what the modern web needs instead?
Rewriting a large and complex enterprise-class application is tough enough, and a task that can variously (and expensively) fail.
Rewriting the whole of the World Wide Web?
Your replacement had better have a solid compatibility and migration path with "legacy" HTTP, and provide a substantial improvement over what HTTP and the existing tools provides, and clients and a migration path for a majority of the platforms and tools and browsers and embedded browsers and embedded web servers in use, and the budget and the time to make the replacement push.
SPDY isn't really intended to replace HTTP I don't think, it's just speeding it up quite a bit. All the messages exchanged between client and server are still HTTP when using SPDY.
No, SPDY replaces HTTP but keeps many of the same high-level semantics. The messages are not HTTP; for example, the headers are a binary format and compressed which isn't possible with HTTP.
Well technically HTTP as an application-layer protocol is unchanged. So I don't really understand your comment. The messages are HTTP. Whether the headers are compressed by an underlying protocol (such as SPDY) doesn't seem to be relevant.
An application layer protocol is the layer above TCP and defines the formats of those messages over that transport. Other application layer protocols are, for example, FTP, DNS, and SMTP. SPDY and HTTP have completely different (and incompatible) message formats even though they are meant for the same task. And it isn't HTTP tunneled through SPDY; there are significant differences.
For example, although SPDY supports HTTP methods (GET, POST, PUT) the method and parameters are specified as headers in the request. Also, all the header names are lower-cased in SPDY. The client and server don't communicate by a single stream as in HTTP but instead communicate in frames over the stream that can contain multiplexed requests and responses.
At the very high level, you might be able to build an API that could handle web requests and responses over HTTP or SPDY interchangeably but that API isn't "HTTP".
I don't really want to argue about the semantics of OSI and what is or isn't an application layer protocol. I'll just point you to Google's own diagram of where SPDY fits in which is in the "SPDY design and features" section of the whitepaper here: http://www.chromium.org/spdy/spdy-whitepaper.
Here's the text from that section:
"SPDY adds a session layer atop of SSL that allows for multiple concurrent, interleaved streams over a single TCP connection.
"The usual HTTP GET and POST message formats remain the same; however, SPDY specifies a new framing format for encoding and transmitting the data over the wire."
Check out the "Main differences from HTTP" section. It's clearly not the same format as HTTP. Whatever they mean by "GET and POST message formats remain the same" it's not what you're thinking it means.
There's no confusion about the "semantics of OSI" -- you can't take a client that talks only HTTP and get it talk to a server that talks only SPDY (and vice-versa). They are different application level protocols, period.
The "Main differences from HTTP" section says this:
"SPDY is intended to be as compatible as possible with current web-based applications. This means that, from the perspective of the server business logic or application API, nothing has changed. To achieve this, all of the application request and response header semantics are preserved. SPDY introduces a "session" which resides between the HTTP application layer and the TCP transport to regulate the flow of data."
This even explicitly says that SPDY resides underneath the HTTP application layer.
So from the point of view of e.g. GMail, it is making HTTP requests via XmlHttpRequest still is it not? And from the point of view of my Django application sitting behind some future apache/nginx SPDY module I will still be accepting HTTP requests and responding with HTTP responses will I not?
It seems like SPDY sits in the same layer as SSL/TLS in HTTPS. It doesn't replace HTTP, merely changes how the messages are transported over the wire. To use your logic, you can't point an HTTPS-only client at an HTTP server and have it work or vice-versa, and yet I quote from wikipedia:
"HTTP operates at the highest layer of the OSI Model, the Application layer; but the security protocol operates at a lower sublayer, encrypting an HTTP message prior to transmission and decrypting a message upon arrival. Strictly speaking, HTTPS is not a separate protocol, but refers to use of ordinary HTTP over an encrypted SSL/TLS connection."
> So from the point of view of e.g. GMail, it is making HTTP requests via XmlHttpRequest still is it not?
No, it's making SDPY requests. It is, however, making that difference insignificant to the application developer using the xmlHttpRequest API. HTTP is a protocol not an API. This is exactly what the paper says; the protocol is designed to make the API differences very minimal.
> And from the point of view of my Django application sitting behind some future apache/nginx SPDY module I will still be accepting HTTP requests and responding with HTTP responses will I not?
No, Django doesn't talk HTTP -- Django talks WSGI or CGI. That hides many of the details of the protocol in use -- I imagine that you could run Django with a server that sends/receives web requests over FTP. That doesn't make FTP into HTTP.
SPDY does not sit in the same level as SSL. With SSL, HTTP packets are tunneled through it. SDPY replaces HTTP; there is no fully formed HTTP message inside. If SPDY was merely multiplexing and compressing HTTP streams in frames, I would agree that it would be like HTTPS. But SPDY doesn't contain HTTP streams; it's all right there in the document.
> No, Django doesn't talk HTTP -- Django talks WSGI or CGI. That hides many of the details of the protocol in use -- I imagine that you could run Django with a server that sends/receives web requests over FTP.
I don't know how you would make e.g that[1] work on FTP. Basically you would end up encapsulating HTTP inside FTP, not using one in place of the other.
A CGI script takes raw (yet conveniently split by the web server) HTTP data from ENV vars and stdin, and outputs HTTP data directly to stdout. Django HttpRequest and HttpResponse object merely provides a convenient helper for that and does not actually abstract anything. The web server pipes the response as is straight to the client via TCP (unless there is SSL, where it will just obliviously encrypt the stream).
To comply with that, as SPDY is a replacement to HTTP, mod_spdy transcodes stuff live [2].
Why exactly do you say HTTP is unsuitable for the modern web? If anything, the problem is that we don't abide by it enough.
More codes - which, by the way, do not increase the size of the packets - are better for the "modern web", the one where REST APIs are being adopted and which has more and more automated clients which require computer readable information.
