The Next Version of HTTP Won't Be Using TCP

"The HTTP-over-QUIC experimental protocol will be renamed to HTTP/3 and is expected to become the third official version of the HTTP protocol, officials at the Internet Engineering Task Force (IETF) have revealed," writes Catalin Cimpanu via ZDNet. "This will become the second Google-developed experimental technology to become an official HTTP protocol upgrade after Google's SPDY technology became the base of HTTP/2." From the report: HTTP-over-QUIC is a rewrite of the HTTP protocol that uses Google's QUIC instead of TCP (Transmission Control Protocol) as its base technology. QUIC stands for "Quick UDP Internet Connections" and is, itself, Google's attempt at rewriting the TCP protocol as an improved technology that combines HTTP/2, TCP, UDP, and TLS (for encryption), among many other things. Google wants QUIC to slowly replace both TCP and UDP as the new protocol of choice for moving binary data across the Internet, and for good reasons, as test have proven that QUIC is both faster and more secure because of its encrypted-by-default implementation (current HTTP-over-QUIC protocol draft uses the newly released TLS 1.3 protocol).

In a mailing list discussion last month, Mark Nottingham, Chair of the IETF HTTP and QUIC Working Group, made the official request to rename HTTP-over-QUIC as HTTP/3, and pass it's development from the QUIC Working Group to the HTTP Working Group. In the subsequent discussions that followed and stretched over several days, Nottingham's proposal was accepted by fellow IETF members, who gave their official seal of approval that HTTP-over-QUIC become HTTP/3, the next major iteration of the HTTP protocol, the technology that underpins today's World Wide Web.

SCTP

[williamyf]

Those bay are guys... Why that compulsion to re-invent the Wheel? We'll never know.

SCTP is available now, is well understood, HTTP(S) already runs on it. Is more resilient than TCP, does not have Head-of-Line issues... What's not to like?

Oh, you can not write new papers on a protocol that already exists? Ah, and was Not-Invented-Here? Ok then...

Re:SCTP

[arglebargle_xiv]

SCTP doesn't suit Google's needs. This isn't HTTP3, it's HTTP4, specifically HTTP4Google.

Re:NOOOOOO!

If you don't serve your pages over QUIC your search rankings will go into the shitter, just like they did with AMP. You do like people being able to find your content, don't you? It'd be a shame if that didn't happen anymore.

Re:There's More to QUIC Than You Think

[BitterOak]

Downside: You lose (some? all?) anonymity, as your GUID is long-lived.

That's a hell of a downside. Is there any way to protect your anonymity in such a system?

Re:There's More to QUIC Than You Think

[Fly+Swatter]

And what happens when you GUID is stolen or spoofed, you just know it will happen.

Google already using this to serve ads

They can serve ads directly bypassing many filter apps:

https://www.google.com/amp/s/amp.reddit.com/r/privacy/comments/67hhc4/google_is_using_quic_protocol_to_serve_ads_in/

I searched if this was possible while going through the RFC for QUIC and came across the part where it says HTTP3 will support extensions within individual connection requests.

problems with SCTP and QUIC

[johnjones]

yes and BOTH use UDP and you will see a LOT of problems with optimisations of links specifically sub sea fibre links

but google et al dont seem to care since they have plenty of transit they control and CDN like features...

good luck getting the telco's to use this and support it (they will just drop your packets) they make more by billing for the data and without control you wont know who is dropping your packets...

Re:NOOOOOO!

[Waccoon]

As with any other technology, it's owned by the people who make the largest contributions and have the largest amount of political influence over the standards bodies that approve the standard.

These days, "open public standard" is as meaningful as "open source". The politics are always a problem, and we all know how well Google is faring in that department.

Re:NOOOOOO!

[mikael]

I've had enough problems using Wireshark to find applications streaming data back to Microsoft and AWS. Last thing I need is have every network protocol multiplexed into an encrypted VPN so it's impossible to tell what is doing what. But that's Google.

Re:What are you talking about connectionless?

[DarkOx]

Lets look a little deeper though.

First you setup a TCP connection. Gotta have some kind of transport. That takes care of all the reliability and a lot of the recovery you need.

Next you start setting up the TLS connection on top of that plain text TCP channel. Okay - part of that is plain text you need to negotiate a cipher suite; do authentication, perhaps mutual authentication. You need to exchange symmetric keys etc.

All things you'd still need to do even if you crammed everything into one big fat protocol.

The only advantage I see in quic at all is sessions being separate from network addresses so they can survive address changes. That is kind of cool; I men your mobile could do from wifi to cellular without breaking a single transfer. There are other solutions to that like byte range requests though; that we have today. Improving support and reliability of those features might be easier frankly than upending the protocol stack

Re: Knee-jerk FUD from Google-haters

[thomst]

zidium screeched:

The last thing we want is Google owning yet another layer of the Web stack!

Exactly which part of the IETF process gives Google "ownership" of QUIC? The part where a working group composed of networking engineers who work for a whole bunch of different companies have spent months figuring out how to bolt this new protocol onto the existing IP stack, or the part where it's been kicked upstairs to the full HTTP working group with a recommendation that it be adopted as the basis of the next iteration of the protocol? Because neither of those decisions is anywhere close to final, yet, and the current version of QUIC - which Google actually uses internally - works well.

Or is it the fact that you're making shit up to trigger Google-haters's paranoia?

Further down in this discussion, ewhac provides the following link to a longish, quite intelligent discussion of what's wrong with TCP/IP in a ubiquitously-connected world (hint: the original design of the TCP protocol entirely failed to anticipate the mobile web - among many, many other shortcomings - and it now consists of a multi-layered kludge of, essentially, patches to enable it to function in an environment that is physically and logically completely unlike the bus-centric Ethernet networks it was developed to internetwork), and, just as importantly, an insightful discussion of why IPv6 has still not taken over the world, almost 30 years on, and probably never will:

The world in which IPv6 was a good design

Toward the end, the author talks about QUIC as a possible, elegant solution to the problem of creating a reliable, low-latency handover of session streams to enable a device whose IP address is constantly changing (i.e. - a mobile device that's, you know, in motion) to keep those data streams active in a much more elegant way than the current, provider-centric, dogshit-slow LTE protocol is capable of doing. And he goes to pains to point out that there are other possible solutions, as well, because that article is more than a year old, now, whereas the Mobile HTTP Working Group's recommendation that QUIC be the basis of the HTTP/3 standard is brand, spanking new.

(Just to be clear, it's not LTE itself that has the latency problem. It's the way LTE copes with constantly-changing IP addresses at the client end, as its signal gets handed off from one cell tower to the next.)

Mobile IP is a mess. Something has to be done about it. TCP is an increasingly-tottering kludge. Something has to be done about that, as well. IPv6 won't the panacea it's been advertised as, because its authors didn't anticipate the mobile Internet, either - and any fix is going to have to be a bolt-on, which is exactly the IPv4 problem IPv6 was supposed to eliminate.

Look, folks, internetworking has always been a moving target. As Niels Bohr phrased the old, Danish proverb, "Prediction is very difficult, especially about the future." That earlier generations of working network engineers failed to forsee the exact nature of the internetworked world we currently inhabit is profoundly unsurprising. But universal adoption of mobile, Internet nodes for personal communication is a reality with which the current crop of networking gurus must deal. Given that fact, we can either accept a hodgepodge of vendor-proprietary solutions, none of which is especially satisfactory, or tackle the problem as a general one that requires a universal, non-proprietary solution.

The Mobile HTTP Working Group consists of experts who have been studying the problem for a long time, and who are focused on trying to solve real-world issues the solutions to which are only going to become more urgent as time goes on. By contrast, most of the bleating on this forum is from users who have little familiarity with those problems and no meaningful technical expertise to infor