{"id":7990,"date":"2018-11-13T12:35:26","date_gmt":"2018-11-13T17:35:26","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=7990"},"modified":"2023-04-10T17:09:54","modified_gmt":"2023-04-10T21:09:54","slug":"http-over-quic-http-3","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/http-over-quic-http-3\/","title":{"rendered":"HTTP\/3 is here&#8230; sort of"},"content":{"rendered":"<h2>The IETF has renamed HTTP over QUIC, HTTP\/3<\/h2>\n<p>HTTP\/3 is here, kind of. On Monday <a href=\"https:\/\/mailarchive.ietf.org\/arch\/msg\/quic\/RLRs4nB1lwFCZ_7k0iuz0ZBa35s\">the IETF revealed it would be renaming the HTTP-over-QUIC experimental protocol as HTTP\/3<\/a>. HTTP-over-QUIC is an HTTP rewrite that replaces TCP with QUIC. We\u2019ll get into what that means a little more later.<\/p>\n<p>If this seems a bit premature, it\u2019s not entirely out of line with how the IETF historically operates: TLS 1.3 was rolled out before every website had even switched to TLS 1.2 (though by August the vast majority have), and SHA-3 is already established despite the fact that SHA-2 came into use just a few years ago. So, <a href=\"https:\/\/w3techs.com\/technologies\/history_overview\/site_element\/all\">despite the fact that just 31.2% of the top ten-million websites are even using HTTP\/2<\/a>, HTTP\/3 is already on the horizon.<\/p>\n<p>Already, 1.2% of the top 10-million support QUIC. That\u2019s about 120,000 sites.<\/p>\n<p>So, what is HTTP-over-QUIC \u2013 or I guess now it\u2019s HTTP\/3 \u2013 and what does this new protocol mean for the SSL\/TLS industry?<\/p>\n<p>Let\u2019s hash it out\u2026<\/p>\n<h2>What Is HTTP\/3 (a.k.a. 
HTTP-Over-QUIC)<\/h2>\n<p>HTTP-over-QUIC is an experimental Google protocol: an HTTP rewrite that swaps in QUIC for the standard TCP that has traditionally been at the heart of the internet.<\/p>\n<p>TCP is the Transmission Control Protocol; along with IP (Internet Protocol), it has been one of the basic rules defining the internet for years. It\u2019s old enough that it has a three-digit RFC number. That\u2019s an IETF joke; TCP was defined in 1981. TCP is a connection-oriented protocol; it is meant to provide error-free data transmission, and it governs how data is broken down into packets and disseminated to the other end of the connection.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-medium wp-image-7993\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/11\/connection-e1542129648541-300x300.jpg\" alt=\"HTTP\/3, HTTP-over-QUIC\" width=\"300\" height=\"300\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/11\/connection-e1542129648541-300x300.jpg 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/11\/connection-e1542129648541.jpg 325w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/>Unfortunately, the error-free transmission feature is a double-edged sword because it can add latency to a connection. It has to ensure that it receives every packet, and it runs check-sum hashes to verify this. Briefly, <a href=\"https:\/\/www.thesslstore.com\/blog\/difference-encryption-hashing-salting\/\">hashing is a one-way function<\/a> that helps to verify authenticity. If the data has all arrived as intended, the hash value produced by the check-sum will match the known hash value. If not, TCP will make the party on the other end of the connection send it again.<\/p>\n<p>QUIC is an acronym for Quick UDP Internet Connections. That raises the question: what is UDP? UDP is the User Datagram Protocol. 
The best way to explain this is to go back to the error-free transmission we just discussed with TCP. UDP is another connection protocol, but it doesn\u2019t provide for error-free transmission. Instead, it facilitates a connection (sort of) that is low latency because it tolerates some data loss.<\/p>\n<p>It might be illuminating to apply this to real life. TCP is ubiquitous; the vast majority of traffic across the internet is TCP. And that\u2019s a good fit for situations where data fidelity is important. When you see a video buffering on YouTube or you get the pinwheel on Netflix while a show loads\u2014that\u2019s a TCP connection. Your device is essentially saying, \u201cI need to catch up on this data before continuing.\u201d<\/p>\n<p>UDP is preferable when you need to send a constant stream of real-time data and latency is not acceptable. A few obvious contexts would be Voice over IP (VoIP), video messaging applications like Skype and video-gaming networks. In this case, UDP just throws a constant stream of data at the party on the other end of the connection, and if some gets missed, the data will eventually catch up. This is called best effort.<\/p>\n<p>QUIC is an experimental protocol designed by Google. That may seem odd, but Google\u2019s SPDY eventually became HTTP\/2, so this is not unprecedented, either. QUIC is essentially Google\u2019s attempt at rewriting TCP; it combines HTTP\/2, TCP, UDP and Transport Layer Security (TLS), amongst others. The goal is for QUIC to replace both TCP and UDP. It\u2019s encrypted by default, which means it\u2019s faster and more secure than its predecessors. 
This is largely due to the fact that it uses <a href=\"https:\/\/www.thesslstore.com\/blog\/tls-1-3-approved\/\">TLS 1.3 (RFC 8446)<\/a> and leverages its <a href=\"https:\/\/www.thesslstore.com\/blog\/tls-1-3-handshake-tls-1-2\/\">improved single round-trip handshake<\/a> and zero-round-trip resumption feature.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-7991 size-full\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/11\/0rtt-graphic.png\" alt=\"RTT Connection\" width=\"997\" height=\"536\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/11\/0rtt-graphic.png 997w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/11\/0rtt-graphic-300x161.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/11\/0rtt-graphic-768x413.png 768w\" sizes=\"auto, (max-width: 997px) 100vw, 997px\" \/><\/p>\n<p><a href=\"https:\/\/blog.chromium.org\/2015\/04\/a-quic-update-on-googles-experimental.html\">From Google\u2019s Chromium Blog<\/a>:<\/p>\n<blockquote><p>Another substantial gain for QUIC is improved congestion control and loss recovery. Packet sequence numbers are never reused when retransmitting a packet. This avoids ambiguity about which packets have been received and avoids dreaded retransmission timeouts. As a result, QUIC outshines TCP under poor network conditions, shaving a full second off the Google Search page load time for the slowest 1% of connections. These benefits are even more apparent for video services like YouTube. Users report 30% fewer rebuffers when watching videos over QUIC. 
This means less time spent staring at the spinner and more time watching videos.<\/p><\/blockquote>\n<p>While initially only Google\u2019s servers were supporting HTTP-over-QUIC, earlier this year Facebook added support, too.<\/p>\n<h2>What Does This Mean For the SSL\/TLS Industry?<\/h2>\n<p>In terms of how this plays with the current SSL\/TLS ecosystem, it won\u2019t have that much of a direct impact on the use of digital certificates, as TLS is baked right into the protocol and authentication will still need to be handled by trusted certificate authorities and PKI.<\/p>\n<p>The biggest positive that may come from HTTP\/3 is that it will pressure websites into supporting TLS 1.3 faster than they may have otherwise.<\/p>\n<p>But that still may not be for a while, given that less than a third of the internet is even using HTTP\/2 and we still have a small segment of stragglers clinging to HTTP (<a href=\"http:\/\/this.how\/googleAndHttp\/\">as well as a few people willing to die on that hill<\/a>).<\/p>\n<p>So HTTP\/3 is here\u2026 sort of.<\/p>\n<p>As always, leave any comments or questions below\u2026<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-7276\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/08\/bigstock-222348568.jpg\" alt=\"Hashed Out by The SSL Store is the voice of record in the SSL\/TLS industry.\" width=\"1559\" height=\"407\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/08\/bigstock-222348568.jpg 1559w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/08\/bigstock-222348568-300x78.jpg 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/08\/bigstock-222348568-768x200.jpg 768w, 
https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/08\/bigstock-222348568-1024x267.jpg 1024w\" sizes=\"auto, (max-width: 1559px) 100vw, 1559px\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The IETF has renamed HTTP over QUIC, HTTP\/3 HTTP\/3 is here, kind of. On Monday the IETF revealed it would be renaming the HTTP-over-QUIC experimental protocol as HTTP\/3. HTTP-over-QUIC is&#8230;<\/p>\n","protected":false},"author":6,"featured_media":7992,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[16],"tags":[],"class_list":["post-7990","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hashing-out-cyber-security","post-without-tags"],"views":14806,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/11\/bigstock-215435557.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/7990","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=7990"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/7990\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/7992"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=7990"}],"wp:term":[{"ta
xonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=7990"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=7990"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}