The Next Version of HTTP Won't Be Using TCP

"The HTTP-over-QUIC experimental protocol will be renamed to HTTP/3 and is expected to become the third official version of the HTTP protocol, officials at the Internet Engineering Task Force (IETF) have revealed," writes Catalin Cimpanu via ZDNet. "This will become the second Google-developed experimental technology to become an official HTTP protocol upgrade after Google's SPDY technology became the base of HTTP/2." From the report: HTTP-over-QUIC is a rewrite of the HTTP protocol that uses Google's QUIC instead of TCP (Transmission Control Protocol) as its base technology. QUIC stands for "Quick UDP Internet Connections" and is, itself, Google's attempt at rewriting the TCP protocol as an improved technology that combines HTTP/2, TCP, UDP, and TLS (for encryption), among many other things. Google wants QUIC to slowly replace both TCP and UDP as the new protocol of choice for moving binary data across the Internet, and for good reasons, as test have proven that QUIC is both faster and more secure because of its encrypted-by-default implementation (current HTTP-over-QUIC protocol draft uses the newly released TLS 1.3 protocol).

In a mailing list discussion last month, Mark Nottingham, Chair of the IETF HTTP and QUIC Working Group, made the official request to rename HTTP-over-QUIC as HTTP/3, and pass it's development from the QUIC Working Group to the HTTP Working Group. In the subsequent discussions that followed and stretched over several days, Nottingham's proposal was accepted by fellow IETF members, who gave their official seal of approval that HTTP-over-QUIC become HTTP/3, the next major iteration of the HTTP protocol, the technology that underpins today's World Wide Web.

NOOOOOO!

[zidium]

The last thing we want is Google owning yet another layer of the Web stack!

Re:NOOOOOO!

[Casandro]

The last thing we want is Google owning yet another layer of the Web stack!

It is a public open standard. Nobody "owns" it.

No RFCs are like opinions, however instead of having a proper open debate about this, large companies like Google, Cloudflare or Mozilla will just stuff it down our throats. The process simply isn't democratic.

Considering that we probably have gotten most of the problematic TCP/TLS/HTTP bugs out, having a completely new stack will mean several new decades of new security problems. Secret services are probably rejoicing right now as more complexity will mean more bugs which will make the attack surface much bigger again.

Re:NOOOOOO!

[Megol]

Owning? If Google creates an open standard and it is accepted then it is an open standard, nothing owned by Google or anyone else.
Is this just another indication that the people here actually don't understand even the basics of the Internet (or even computing)? Scary.

It sounds OK technically....

At least from TFS.

But .... Google. I consider anything they touch to be tainted and untrustworthy. I can't point to specifics in this case, but their name alone is enough to cast a whole pile of doubt.

They were, after all, one of the companies actively cooperating with the NSA.

Re:It sounds OK technically....

[Narcocide]

Also it appears they're spending a ridiculous amount of money solving something that isn't a problem with a solution that will definitely cause a massive amount of problems for everything and everyone it even comes close to touching.

I won't hold my breath....

[Rick+Zeman]

How long has the IPv6 adoption been going on for now? 15 years? How's that been been going?
Yeah, that slowly.

Let's rush that through...

[ndykman]

Because, good enough for Google is good enough for everyone, right? And if it's not, they'll just do it anyway. Sure, I'm just old and grouchy, but I liked it when the IETF and the RFP process was a forum for very intense discussions with many researchers and industry leaders really working things out. Lately, it seems to be much more of a rubber stamp for big companies' technical ideas.

Re:Let's rush that through...

So if you click the RFC and read the end :

      The original authors of this specification were Robbie Shade and Mike
      Warres.

      A substantial portion of Mike's contribution was supported by
      Microsoft during his employment there.

Author's Address

      Mike Bishop (editor)
      Akamai

So you got Microsoft, Akamai and Google.

Feel free also to see you submitted idea / feedbacks : https://github.com/quicwg/base-drafts/labels/-http
I didn't see you name ?

Re:SIMPLE TEST u FAIL & FACT U IMPERSONATE ME

WTF *IS* all this massive faggotry shitting up my screen? Can't someone ban these assholes, or go to their houses and smash their computers or something? NOBODY needs to be subjected to this bullshit.

Yet more inappropriate layer-mixing

[Millennium]

HTTP/2 shouldn't have bundled in TLS, and HTTP/3 shouldn't bundle in UDP. Keep the layers separate; interoperability depends on it.

Re:There's More to QUIC Than You Think

[fahrbot-bot]

QUIC's big win ... is that it allows your network connections to survive IP address changes, since the endpoints are identified not by an IP address/port tuple, but rather by a GUID/port tuple. Downside: You lose (some? all?) anonymity, as your GUID is long-lived.

Hmm... I can't imagine why Google would want to develop a network protocol where devices/people could be persistently tracked by unique, persistent identifiers that would allow identification regardless of the applications used ...

Re:There's More to QUIC Than You Think

I'd rather lose my connection than my anonymity.

What will that do to my firewall rules?

[CFD339]

I really don't want to spend the money on a new firewall just to support web browsing.