Introduction to QUIC, the latest development in transport protocols. QUIC was originally developed by Google, is now being standardized at the IETF, and replaces TCP in HTTP/3 to improve Web loading speeds.
Loved all the background information you provided. It made understanding what problems existed before QUIC, where they were and why they existed. It gave me a much better understanding and appreciation of how QUIC worked.
It's cool to enjoy this on a nerd level. great work done all the way from SPDY and now it's an IETF standard and growing fast on the internets. It's been facinating to see the iterations and now its time to finetune our networks. How does QUIC react for example to small burst-commit sizes on policers?
Hmm on reverse proxy we could offload tls1.3 from there on send it to middleboxes like ids,ips,sandbox etc forward it to webserver. Is QUIC is well leveraged to work with existing infra. Or there another way better way to adapt QUIC..?
QUIC is a transport protocol (with builtin encryption provided by TLS1.3 lib), so that http need not to sit on top of another TLS/SSL session. If you have your middle box as an endpoint, then ya you can inspect the quic packets, but then it is not a middlebox anymore.
I can't wrap my head around how this cannot get easy spoof attacks with the flexible connectivity (I imagine only the secret key will be needed to read the data but the connection can be spoofed anyways), how UDP data loss is reported by the client to be retransmitted, or the effects retransmission on performance.
A connection ID can be up to 62 bits long. That alone makes it practically impossible for an adversary to guess an existing connection ID. Even if the connection ID is known, the secret key must then _also_ be known, which RFC 9000 §5.2 specifies: datatracker.ietf.org/doc/html/rfc9000#section-5.2 "Packets that are matched to an existing connection are discarded if the packets are inconsistent with the state of that connection. For example, packets are discarded if they indicate a different protocol version than that of the connection or if the removal of packet protection is unsuccessful once the expected keys are available." Packet delivery guarantees and congestion control mechanisms that are traditionally employed by TCP are employed by QUIC itself. See RFC 9000 §4 and §13 for details.