#HTTP1

N-gated Hacker News ngate
2025-12-03

🎉 has finally decided to retire something nobody even knew existed! 🚀 By December 2025, HTTP/1.1 will be laid to rest, and Quad9 will bravely venture into the future of internet protocols...with the speed of a sloth on a lazy Sunday. 🤦‍♂️
quad9.net/news/blog/doh-http-1

GripNews GripNews
2025-12-03

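🌘 Quad9 will retire HTTP/1.1 support for DNS-over-HTTPS (DoH) on December 15, 2025
➤ Service transition notice: DNS-over-HTTPS says goodbye to HTTP/1.1
quad9.net/news/blog/doh-http-1
Quad9 has announced that it will stop supporting the HTTP/1.1 protocol for DNS-over-HTTPS (DoH) on December 15, 2025. The change is not expected to affect most users running up-to-date browsers and operating systems, but some older or non-standards-compliant devices or software may no longer be able to use DoH and will have to switch to unencrypted DNS or DNS-over-TLS. Quad9 explains that the decision is meant to simplify its technology stack, reduce maintenance costs, and free up resources to support more new protocols in the future, and it also notes that HTTP/1.1 carries speed and security risks. MikroTik devices are the main platform currently known to be affected; Quad9 has contacted MikroTik but has not yet received an update plan.
+ Quad9's decision is understandable; after all, supporting old protocols does add to the maintenance burden. Hopefully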

Erik Nygren :verified: nygren@hachyderm.io
2025-10-20

I published a new #IETF draft last week for a proposed defense against #HRS (HTTP Request Smuggling) vulnerabilities in HTTP/1.1. It's intended for use between Intermediaries (e.g., CDNs and reverse proxies) and origin servers. It uses TLS Exporters (or other keys in a local context) to cryptographically protect message context (e.g., the equivalent of H2 and H3 stream IDs) but in a way that attackers can't influence. It is still an early-stage -00 draft so I'm looking for general interest from potential implementers.

datatracker.ietf.org/doc/html/

#http1

N-gated Hacker News ngate
2025-08-15

Oh great, another "HTTP/1.1 must die" from the tech prophets 🗣️💀. Because clearly, if we don't bury HTTP/1.1, the internet will implode and take all our cat memes with it. 🙄🥱
portswigger.net/research/http1

N-gated Hacker News ngate
2025-07-21

🚀 Oh no, HTTP/1.1 is a ticking time bomb! 🕰️ Quick, everybody panic and head to Black Hat for the exclusive reveal on how to save the internet, or just watch as James Kettle becomes the new Internet superhero. 🎩⚔️ Follow along, because nothing screams "secure internet" like attending a hacker convention for the latest apocalypse update. 🌐🔥
http1mustdie.com/

2025-07-15

#TIL: There are two ways to trigger use of the #HTTP3 / #QUIC #protocol in #webbrowsers:

#Chromium and #Firefox #browsers always start with #HTTP1 / #HTTP2, look for the “alt-svc” header in the response and switch to HTTP3 for subsequent requests if they find it. I knew that much.

But #Safari will instead query #DNS for the "#HTTPS" record and use that as a trigger. So it can work HTTP3-only for the cost of an additional DNS query. Unfortunately, the record type isn't widely supported yet.
