Hacker News new | past | comments | ask | show | jobs | submit login

Ooh, it’s finally published, huh?

Not certain about timing, but I believe browsers have all supported it for 2–4 years.

Simplifying beyond the point of strict accuracy, this is a signal so that when your browser asks DNS “where’s the example.com server?” the response mentions “oh BTW it supports HTTP/3” and so the browser goes straight to https://example.com over HTTP/3. Otherwise, first-time visitors will commonly go to http://example.com over HTTP/1.1, and then be redirected to https://example.com over HTTP/1.1 or HTTP/2 (negotiated at TLS handshake time), and only use HTTP/3 on subsequent visits.

It’s a pity that supporting HTTP/3 takes extra effort compared to HTTP/1 or HTTP/2, but it’s not really avoidable.




Do you happen to know what this is called in CanIUse & friends?

It would be neat to see what the actual support is. "All browsers" usually means "Chrome and maybe Firefox if you're lucky", unfortunately.


Here's a request discussion to add support in Can I use:

https://github.com/Fyrd/caniuse/issues/6091


Maybe they shouldn't have used http:// for something that isn't http.

Nah, users are too dumb and "my precious adoption rates"


I guess it's more "my precious marketing".

General consensus in marketing seems to be that people can't memorize anything more than domain names, and maybe also a "www." or a single word path behind the domain - but the scheme seems to be universally seen as "technical cruft that non-technical users can't be expected to deal with". (with the one exception that "http:// = bad and https:// = good")

So I guess companies don't want a situations in which they suddenly have to teach their users that, no, it's not "awesomecorp.com", it's actually "https3://awesomecorp.com" (but NOT https://3awesomecorp.com, that's a scammer) etc etc


The main motivation here is the desire to have a seamless transition to newer protocols without having to change the site. This way, your hosting service can enable HTTP/3 and it will just work with an HTTP/3 compatible browser. This is the way every upgrade in TLS and HTTP has worked for quite some time.

It's especially important with HTTP/3 because there are network environments where HTTP/3 doesn't work and so you need to fall back to HTTP/2, and you obviously want that to work seamlessly.

In addition, the basic security structure in the Web is the origin, defined in RFC 6454, and origins are defined by a triplet of [scheme, host, port]. It would not be good to have HTTP over TLS and HTTP/3 be different origins. For instance, you don't want to lose all your cookies if the site turns HTTP/3 on or off.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: