FalseStart - another protocol tweak that failed
Mike Belshe <mike@belshe.com> Wed, 11 April 2012 21:17 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC75411E80D3 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 11 Apr 2012 14:17:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.178
X-Spam-Level:
X-Spam-Status: No, score=-9.178 tagged_above=-999 required=5 tests=[AWL=-0.691, BAYES_05=-1.11, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9G+TpSoybX5x for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 11 Apr 2012 14:17:13 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id E39FC11E80B8 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 11 Apr 2012 14:17:09 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.69) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1SI4sw-00036T-Jj for ietf-http-wg-dist@listhub.w3.org; Wed, 11 Apr 2012 21:15:26 +0000
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.69) (envelope-from <mike@belshe.com>) id 1SI4si-0002kT-9D for ietf-http-wg@listhub.w3.org; Wed, 11 Apr 2012 21:15:12 +0000
Received: from mail-iy0-f171.google.com ([209.85.210.171]) by lisa.w3.org with esmtp (Exim 4.72) (envelope-from <mike@belshe.com>) id 1SI4se-00055X-Lh for ietf-http-wg@w3.org; Wed, 11 Apr 2012 21:15:10 +0000
Received: by iadj38 with SMTP id j38so2097424iad.2 for <ietf-http-wg@w3.org>; Wed, 11 Apr 2012 14:14:43 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type :x-gm-message-state; bh=rT2RjYyH5qdZocf25CUoVSh7V9jIJ38Q803dX+1XprA=; b=TUWOf26NcBOdEmg7ayR3oLuaNtHlmKdnXF3WJDmHxR6cRprpD4Q/yyt08O8xdtwex0 ap0+CwfyapjW66NXc+k9N1x9lEWEtwo6q93VX45tYDiMGGwuuMMn0EhM0MS3aB1yHqZ1 Xf5nC2lapvGNxrmi1dkU/pGaV6cTL7B3gFmLj5WN4TeJmCyRlIH4B0zwyeJRTNOkopXs qnzZSttzezmPPBnr7jjPpc4BZC/HSFpVryI7was0WkeG9gE7Yv1r10WjMhPll/fkmYe7 HSqT4qq+jGWbdmZ3kvoOMzfqPwqAklKBN1t7VfPPWVbABPt9GB1PueBmQEBLvFA9lI+R XGQg==
MIME-Version: 1.0
Received: by 10.50.212.97 with SMTP id nj1mr3461897igc.65.1334178883319; Wed, 11 Apr 2012 14:14:43 -0700 (PDT)
Received: by 10.50.214.42 with HTTP; Wed, 11 Apr 2012 14:14:43 -0700 (PDT)
Date: Wed, 11 Apr 2012 14:14:43 -0700
Message-ID: <CABaLYCuMpi9Fuz6FwhSrHuO9zmrQjgh-4JCACMu2=yqz1F4BuA@mail.gmail.com>
From: Mike Belshe <mike@belshe.com>
To: httpbis mailing list <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="14dae9340d196836ab04bd6dba6f"
X-Gm-Message-State: ALoCoQmYFiLwNQpMRyQgBpYtX7x3gzE6C2q65zhs1H9jETzEMPRPgWFr0suTk8AEv75sTp4snxvs
Received-SPF: none client-ip=209.85.210.171; envelope-from=mike@belshe.com; helo=mail-iy0-f171.google.com
X-W3C-Hub-Spam-Status: No, score=-2.6
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7
X-W3C-Scan-Sig: lisa.w3.org 1SI4se-00055X-Lh dbffaa44c8ba23941bc242437e5263ca
X-Original-To: ietf-http-wg@w3.org
Subject: FalseStart - another protocol tweak that failed
Archived-At: <http://www.w3.org/mid/CABaLYCuMpi9Fuz6FwhSrHuO9zmrQjgh-4JCACMu2=yqz1F4BuA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/13428
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Resent-Message-Id: <E1SI4sw-00036T-Jj@frink.w3.org>
Resent-Date: Wed, 11 Apr 2012 21:15:26 +0000
This is slightly off topic from HTTP/2.0, but has a relevant theme. If you're not familiar with False Start, its a minor, protocol compatible implementation tweak to the TLS handshake which has spectacular performance results and works for 99+% of all existing SSL implementations. It has been enabled in Chrome for over a year and has demonstrated fantastic performance benefits. Sadly, it is being disabled soon due to a small and untractable number of sites that have SSL implementations which can't be readily fixed nor identified. Here is the recent news about FalseStart: http://www.imperialviolet.org/2012/04/11/falsestart.html Here is some of the benefit of FalseStart: http://www.belshe.com/2011/05/19/ssl-falsestart-performance-results/ Here is the FalseStart description: https://tools.ietf.org/html/draft-bmoeller-tls-falsestart-00 *What we can learn from this:* a) Running new protocols, or even existing protocols with new patterns, is very fragile on today's internet. b) Compatibility is key. Even a tiny fraction of users being broken will be enough to kill the protocol by way of browser disablement. Pipelining and FalseStart are just two examples. c) Being able to identify hosts that fail on any new protocol is unlikely. We often use wishful thinking that we can identify bad hosts via blacklists or fast-fail mechanisms. However, past experience shows that while you can identify most problems, you probably can't identify all problems, and even a small number of problems is enough to torpedo the whole thing. d) Internet problems are global. While we might write up the problem and solution in English many times, for the folks not speaking English, it takes much longer for them to learn about any changes we make. This makes it harder for them to identify when they have a problem and also harder for them to identify how to solve it. Mike
- FalseStart - another protocol tweak that failed Mike Belshe