Microsoft: Now HTTP needs replacing

The protocol used to deliver Web pages has reached its limits for Web services and peer-to-peer applications, according to Microsoft .Net evangelist Don Box
Written by Matt Loney, Contributor

Now that IPv4 is slowly being replaced by version 6 as a way of increasing the Internet's address space, it appears that another bedrock of the Internet, HTTP, is also reaching its limitations.

Delivering the keynote at European DevWeek in London on Tuesday, Microsoft .Net evangelist Don Box said HTTP presents a major challenge for Web services, for peer-to-peer applications and even for security. A replacement will eventually have to be found, he said, but it is not at all clear who will provide this replacement.

HTTP, or HyperText Transport Protocol, is used by virtually every Web page on the Internet. It is the mechanism by which a browser sends a request to a server on the Internet, and then receives the response.

"One of the big challenges facing Web services is our reliance on HTTP," said Box. However, there is nothing wrong with HTTP per se, as its ubiquity and high dependability means it is the only way to get a reliable end-to-end connection over the Internet, he added. "If people can't search the Web they call the IT department, so the IT department makes sure HTTP is always working. We have engineered the hell out of it." So much so, indeed, that Box likes to think of HTTP as the "cockroach of the Internet" because "after the holocaust it will be the only protocol left standing."

But, he said, we can't stay on HTTP forever, despite all the investment and engineering that have gone into it. Among the problems with HTTP, said Box, is the fact that it is a Remote Procedure Call (RPC) protocol; something that one program (such as a browser) uses to request a service from another program located in another computer (the server) in a network without having to understand network details.

This works for small transactions asking for Web pages, but when Web services start running transactions that take some time to complete over the protocol, the model fails. "If it takes three minutes for a response, it is not really HTTP any more," Box said. The problem, said Box, is that the intermediaries -- that is, the companies that own the routers and cables between the client and server -- will not allow single transactions that take this long.

"We have to do something to make it (HTTP) less important," said Box. "If we rely on HTTP we will melt the Internet. We at least have to raise the level of abstraction, so that we have an industry-wide way to do long-running requests -- I need a way to send a request to a server and not get the result for five days."

Another problem with HTTP, said Box, is that it is asymmetric. "Only one entity can initiate an exchange over HTTP, the other entity is passive, and can only respond. For peer-to-peer applications this is not really suitable," he said. The reason that peer-to-peer applications do work today, said Box, is that programmers create hacks to get around the limitations of the protocol, and this is not good. "It's all hackery, it's all ad-hoc and none of it is interoperable," he added.

There is work going on to address the shortcomings of HTTP, said Box. Several working groups are working on the problem at the W3C, the organisation responsible for Web standards. And even though Microsoft is working on the problem too, Box did say that Microsoft is unlikely to succeed alone.

"Microsoft has some ideas (on how to break the independence on HTTP), IBM has some ideas, and others have ideas. We'll see," he said. But, he added, "if one vendor does it on their own, it will simply not be worth the trouble."

For everything Internet-related, from the latest legal and policy-related news, to domain name updates, see ZDNet UK's Internet News Section.

Have your say instantly, and see what others have said. Go to the Telecoms forum.

Let the editors know what you think in the Mailroom.

Editorial standards