The future web will always use encrypted connections

Nov 14, 2013 09:32 GMT

Perhaps it should come as no surprise, particularly in the light of the institutionalized surveillance that the NSA is running, that the future HTTP 2.0, which will serve as the replacement for the ancient protocol that underlies the web, will only work over encrypted connections.

Google's SPDY protocol, on which HTTP 2.0 is based, only works over encrypted connections already.

Microsoft and others fought against making encryption required by default, but in the light of the recent revelations surrounding the NSA, the decision became even easier.

The discussion around HTTP 2.0 is still ongoing, but a consensus seems to be building on the encryption issue: use proper encryption all the time.

"HTTP/2 to only be used with https:// URIs on the 'open' Internet. http:// URIs would continue to use HTTP/1 (and of course it would still be possible for older HTTP/1 clients to still interoperate with https:// URIs)," Mark Nottingham, chair of the HTTPbis working group, which is working on standardizing HTTP 2.0, wrote on the working group's email list.

"In discussions with browser vendors (who have been among those most strongly advocating more use of encryption), there seems to be good support for [always on encryption]," he added.

In practice, this means that HTTP 2.0 will only be used over encrypted https:// connections. Websites accessed via plaintext http:// connections will be served via the existing HTTP 1.1 standard, so the only way to use HTTP 2.0 is to upgrade to an https:// connection.

There will be exceptions to this: an HTTP 2.0 standard for regular http:// connections will be defined, but it won't be used on the "open" web, only in private or local configurations and networks. So it will be technically possible to use HTTP 2.0 over unencrypted connections, but not to browse the web.

And, in case you were wondering, Nottingham made it clear in a tweet that the decision was influenced by the increasing surveillance and attacks on Internet privacy by governments.