Via the HTTP working group list comes a post from Poul-Henning Kamp
proposing that HTTP 2.0 (as it exists now) never be released after the plan of adopting Google's SPDY protocol
with minor changes revealed flaws that SPDY/HTTP 2.0 will not address. Quoting: "The WG took the prototype SPDY was, before even completing its
previous assignment, and wasted a lot of time and effort trying to
goldplate over the warts and mistakes in it.
And rather than 'ohh, we get HTTP/2.0 almost for free', we found
out that there are numerous hard problems that SPDY doesn't even
get close to solving, and that we will need to make some simplifications
in the evolved HTTP concept if we ever want to solve them. ...
Wouldn't we get a better result from taking a much deeper look
at the current cryptographic and privacy situation, rather than
publish a protocol with a cryptographic band-aid which doesn't solve
the problems and gets in the way in many applications ? ...
Isn't publishing HTTP/2.0 as a 'place-holder' is just a waste of
everybody's time, and a needless code churn, leading to increased
risk of security exposures and failure for no significant gains ?"