HTTP/3

Video in TIB AV-Portal: HTTP/3

Formal Metadata

Title
HTTP/3
Subtitle
HTTP over QUIC is the next generation
Title of Series
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
2019
Language
English

Content Metadata

Subject Area
Abstract
HTTP/3 is the next coming HTTP version. This time TCP is replaced by the new transport protocol QUIC and things are different yet again! This is a presentation about HTTP/3 and QUIC with a following Q&A about everything HTTP. Join us at Goto 10. HTTP/3 is the designated name for the coming next version of the protocol that is currently under development within the QUIC working group in the IETF. HTTP/3 is designed to improve in areas where HTTP/2 still has some shortcomings, primarily by changing the transport layer. HTTP/3 is the first major protocol to step away from TCP and instead it uses QUIC. Daniel Stenberg does a presentation about HTTP/3 and QUIC. Why the new protocols are deemed necessary, how they work, how they change how things are sent over the network and what some of the coming deployment challenges will be.
Please know some basics about networking. I won't get into very many particular details here, so no bits and bytes; you can read up on that if you want. The standards, neither QUIC nor HTTP/3, are done yet, so some details may actually change before it ships, so just be aware. I'm going to make sure that I talk fast enough so that we get to have some questions after my talk; I think there's a full hour until the next talk.

OK, so HTTP/1 was defined... actually the first specification is from 1996, that's HTTP/1.0, and then 1.1 came in 1999, so quite a long time. And then in 2015 we published HTTP/2, and HTTP/2 has really taken off; nowadays it's used, at least from browsers, more often than 1.1 for a lot of traffic. So it's fairly popular and it's had widespread adoption, and now we're looking into what the next step is: now we're going into HTTP/3. So HTTP started out done over TCP; HTTP/1 is over TCP, and I'm just going
to remind you, and use a little image here of a chain with links, because that's how I view TCP. It's basically network traffic: you set up a connection between two endpoints and you send data. There's a three-way handshake, three times ping-pong, boom, before you have a connection, and then you send data, and it resends lost packets, and you get a byte stream. You send data from one end and it ends up in the other end in that order, or it doesn't have to end up there at all if the connection breaks. So that's the basics for TCP, and it's in clear text, right? Everyone can see your traffic. That's TCP. TCP was created a very long time ago, in the 80s, and it's basically remained roughly the same over the years. But OK, that's TCP.

But we use HTTPS today, right? HTTPS is TCP with added TLS, and then you do HTTP over that. And HTTPS, looking at the Firefox trend used in this graph (it ends in 2018), you see the trend is pretty clear: somewhere around 80 percent of all page loads are using HTTPS. So we're going into a world where HTTPS is going to be the primary protocol we're talking web traffic over. And looking at the same sort of trend from Chrome's point of view, it shows roughly the same, somewhere around eighty percent share of page loads; they have split it differently, so this one is based on platforms, the other one was based on countries basically. So we're talking HTTPS here, so it's basically TCP plus TLS, TLS being the security layer that we add on top of TCP, and that's how we secure TCP, and we do that for HTTP/1 and HTTP/2. And this adds more handshakes, more back and forth, so on top of the three-way handshake from before you get some extra handshakes to add TLS. With TLS 1.3 they fixed it so it's actually not that many back and forth, but anyway it's additional handshakes on top of this. And when using TLS on HTTPS we get both privacy and security: we actually know that we're talking to the right server, and we know that nobody can eavesdrop on your traffic, so nobody can snoop on what you're doing. So that's what we like with HTTPS, right? But OK, so HTTP is done over TCP, as we're doing, or have been doing, for a long time. It
started out, then, as I mentioned, with HTTP/1.1 shipping in '99. We use HTTP/1.1 with typically a lot of parallel connections, right? With a browser we typically use six connections per host name, and all the bigger sites even use new host names to get a really huge amount of TCP connections, to the extent that the median number of HTTP requests done over a physical connection by Firefox is one. Basically all connections are used for one request before they close, because they have to be closed, because otherwise we would drown in TCP connections. So that's a very, very inefficient use of TCP, and TCP also has this slow-start period, so it takes a while until TCP connections actually get up to speed; closing them immediately like we do with HTTP/1.1 is really inefficient, which is basically one reason why no matter how much you increase your bandwidth you won't get faster websites with HTTP/1.1, because we close connections all the time. And we also have this little issue we call HTTP head-of-line blocking: when you're connected to the site, you have your six connections to that host; when you want to send the seventh request (you know, there are many images on the site) you have to wait for one of the other requests to complete before you can issue your seventh, eighth, ninth and tenth, so they're all blocked by the one at the head. That's head-of-line blocking in HTTP. And these are of course some of the limitations that people have created very imaginative workarounds for over the years, and those workarounds and those solutions were basically things that were taken into the work when HTTP/2 was made.

So HTTP/2 was made to fix some of those problems that we experience with HTTP/1. It shipped in 2015, not that long ago. It uses one connection per host, no more six connections per host, and no more using funny host names to create new connections; instead we do a lot of parallel streams within those connections, right? Typically you have 100 streams over a single connection; you can actually negotiate that, but I think 100 is by far the majority value used. So you don't get that HTTP head-of-line blocking anymore, because you can fire off requests much more often: you can send off more requests earlier, you don't have to wait for the other requests until you send the next one. So that fixed the HTTP head-of-line blocking, and now instead we introduced ourselves into the TCP head-of-line blocking problem, because now we switched everything to one connection, right? Doing 100 streams over one TCP connection, we lose a little packet in the middle, all streams have to wait until that packet gets resent, and then all hundred streams can continue again. So going into a lossy network situation, using one connection is really crappy; that's the TCP head-of-line blocking. At the same time we have an
Internet that has developed this habit, or I shouldn't say habit, we call it ossification, which basically means that everything we do on the Internet gets stuck the way we introduced it. Over time we can't change anything anymore, because the Internet is full of boxes; you know, it's not just access, there are all sorts of boxes, I mean routers, gateways, load balancers, NATs, home broadband things and whatever, all those little boxes between you and the server in the other end. There are a lot of boxes, and all those handle data in the network: they inspect and forward IP packets, they terminate TCP, they load-balance HTTP, they do all these fun things that we need to make the Internet work. But they are all typically designed and written to handle today's protocols, right? They're implemented to handle TCP and HTTP the way we know they work, and that means that they're typically very, very bad at handling slightly new things. When we try to change protocols, we come up with a new use of some bits in the header or new header values, and a lot of these boxes don't like the new stuff: "What's this?" and they throw it away. Introducing new things is really hard because of this ossification; things just get stuck in time, basically, because of all these boxes, and these boxes upgrade a lot slower than the edges. You know, your browser upgrades automatically, basically daily or weekly, and even servers actually upgrade on some regular basis, not as often as browsers, but still. In the middle, however, they are stuck in time. Introducing new things is really hard.

So just to illustrate what I said: this is the Internet, lots of boxes, that's the server and that's me, and we go through the Internet via a lot of boxes, and all those are the middle boxes, and they are the ones with this ossification effect. So due to this
ossification that exists today, we never see HTTP/2 done in clear text, for example. We need to do it with HTTPS, and part of the reason for that is that if we change HTTP, if we speak a new protocol over TCP port 80, that will break, because a lot of boxes know that TCP port 80 is HTTP/1.1: "we know it should be 1.1, right, we can improve the traffic and fiddle a little bit with headers and stuff". So if we change the protocol dramatically, a lot of these boxes will just damage the traffic, which really makes it hard to do HTTP/2 in clear text over the Internet, for example.

Another fun little thing: even if we go down a layer in the protocol stack, looking at fixing TCP, one of these great inventions is TFO, TCP Fast Open. It's meant to reduce latency in the TCP handshake so you could send data earlier in the TCP handshake. A great idea, but there are a lot of boxes out there that know how to identify a TCP header, right? There are some bits in there that say zero, nobody uses those except for the TFO case, right, so they throw those away, which then has the complete opposite effect for TFO, the fast open: it turns out that you actually have to resend that packet after a while because it vanishes. So using TFO, since we're talking about... we're in the Mozilla room, we've fought with this in Firefox for a long time until we basically just gave up, because the number of times it works is so rare and it's so often that it actually slows down the handshake, so no, TFO, good idea, can't be implemented. And it also had this other little minor thing: TFO being a TCP change, and TCP being a kernel-based thing that everybody runs in the kernel, it basically means that this standard has to be implemented in kernel code and then trickle down into Linux distros and into the kernels running on all these servers, which is also a very, very slow process. It takes a long time. TFO was standardized many years ago; I think it took about five to seven years until servers actually started to support it, and Windows 10 is the first Windows version that actually supports it. So it takes a long time until it happens, and then in the end we couldn't really use it anyway.

And another thing that is very similar to this: you know, TCP and UDP are the two transport protocols underlying the IP stack, right, and you could imagine that you would create a replacement for these, like SCTP, but again, no, that won't happen, because all these boxes out there know that TCP and UDP are the only protocols we care about, so they will basically throw away other protocols. So you cannot easily introduce a new protocol; these are the ones, they're here to stay, we will use these. Well, we can use ICMP and some others too, but these are the basic transport protocols. This of course makes it really hard to innovate, to change things, because all of these boxes make things really hard for us, unless we encrypt. If we encrypt the traffic, nobody can inspect it, we hide it from them, they will just pass it through; they can't help us or improve the traffic, it's just random gibberish to them. Excellent. So that is what we're doing then: in
spite of the ossification we want to improve, we want to change the world, right? We want to make things better, so we need to do that in spite of this weird situation we're in, and that is what QUIC is trying to do, or aiming to do. It is a new transport protocol, just what I said we can't do, but I'll explain why, or how. QUIC, sorry, first I'll just mention that QUIC is not an acronym; the name doesn't mean anything, it's named QUIC, whatever you read. It had a meaning once, but it's been removed. So QUIC, again, as everyone
who remembers back several years ago: this was basically how HTTP/2 was made, it came from experiments and experiences that Google made with SPDY, taken into the IETF, and out came HTTP/2, HTTP/2 being very similar to SPDY. This time we're doing basically the same sort of operation. Google spearheaded with their version of QUIC, experimented on the Internet, and they started a long time ago, even before HTTP/2 shipped, and they proved that sending HTTP/2 frames over UDP over the Internet actually works and is deployable. You know, they have a fairly widely used client and some popular web services, some of you might try them, so they could really work it out and really prove to the world that it actually works to send HTTP/2 over UDP. Yeah, it works, and it actually improves things for users, and it actually helps in a lot of cases. So they took their protocol called QUIC (to complicate things really a lot here, they made Google QUIC), they took it to the IETF and said let's make it a standard, which I think is a commendable thing to do and the right thing to do. And yes, the IETF then created the QUIC working group in 2016, and now you see we're after the HTTP/2 release at least. And then basically the IETF said, yeah, this is all fine, but sending HTTP/2 frames over UDP like this is a very HTTP-specific use case; let's make it a transport protocol instead of just HTTP over UDP. So they said we should make it into a transport protocol and an application-level protocol, so we shouldn't just glue them together like Google did. So this separated them: QUIC since then has been growing into becoming the transport protocol, and there's an application layer protocol on top of that, and HTTP/3 is the name. The name HTTP/3 wasn't set until last November; before that it was called HTTP over QUIC, but it's basically the same thing. So Google's QUIC is something different; taken into the IETF, remodeled, completely new things, kept in the other end. So in my talk here I'm going to focus on the IETF QUIC, and that's the real QUIC, that's the QUIC we're going to introduce in the future. The Google one is going to be left where it is, not something for the future to bother much more about, so I'm not going to focus on the details of that. In QUIC, a new
transport protocol: when you do a new transport protocol, why not fix this TCP head-of-line blocking problem? I'll explain how it's done. And I mentioned this three-way handshake in TCP with the added TLS handshake on top of that; we can fix that, right, to make sure that we get much better latency. And we can basically fix the TFO problem as I mentioned, sending data earlier in the handshake: when we make a new protocol we can build in the early data support that TFO provides already when we design the protocol, and we can even make it a better early data support, so we can send a bigger chunk of data than TFO actually can. And we can of course add more encryption, always more bits, reveal fewer details of your connection to the middle boxes and to anyone snooping on your traffic, both for your privacy and security but also to reduce ossification: boxes won't see your traffic, so they can't make any wrong conclusions about what's in there. So this hopefully will be a pretty good foundation for future developments. I think the hope, and I think a lot of people actually believe in it too, is that when we ship this we can actually iterate, we can actually develop QUIC in the future, this won't get stuck as easily, so hopefully there will be a QUIC v2 even within a few years from now, thanks to this being a good foundation. And there is even a version negotiation thing so that we can actually negotiate another version of QUIC very easily.

And so to make this transport protocol, since I said we can't introduce new transport protocols, and we don't, we just build it on top of UDP instead of replacing UDP. So we leave TCP and UDP as they are, we don't have to touch them; we instead use UDP as if it was IP basically, it's just transporting datagrams, so we implement a reliable transport protocol in userspace on top of UDP, basically a TCP-like thing with TLS on top of it, a little bit like doing TCP plus TLS by yourself. I want to emphasize then that QUIC is on top of UDP, and UDP is not reliable, but you all know that. I just want to say it because when I talk to people and say it's done over UDP, people go "that's not reliable, there's no flow control and congestion control and things like that, no, that's not available in UDP". But QUIC is not UDP; QUIC is a transport protocol on top of UDP, so all these resends, flow control and everything are done on top of UDP. And to fix, sorry, the
transport protocol QUIC then adds streams in the actual transport protocol, pretty much like SCTP had streams, a little bit like SSH works, similar to how HTTP/2 solves it, but this is in the transport protocol, not in the application protocol, which might not make a big difference for HTTP but will for other application protocols. So QUIC provides the streams in the transport protocol, which then is similar to HTTP/2: you can do many parallel streams within one connection, and in the QUIC case they are independent, so you can truly lose a packet on your connection and only those streams that are affected by that particular packet will have to wait; the other streams can continue. You can lose one packet and 99 streams can continue until that lost packet is resent, then that stream can go on, which is sort of magic, and it introduces new fun things. Just to illustrate it, I like to use my chain illustration: in the TCP case, when you want to send many different streams, here's the green stream and the red stream, right, sent over one single TCP connection; if you lose one of the links, like the red link is gone, the green one can't continue, right, because the link is broken, the chain is broken. But when doing it with QUIC they're independent: if you lose a link in one of the chains, if one of the blue links goes away, the yellow chain can still go on without any problems.

And of course, this being a transport layer protocol, we do application layer stuff on top of QUIC, and the application layer then gets streams for free, because they're done in the transport protocol, and it could be any protocol. When the protocol was taken into the IETF, pretty much one of the conditions to do the protocol in the IETF was that it should be made to do other protocols than HTTP, and DNS was one of the protocols that was mentioned early on. It hasn't been mentioned much since then, because I think very early on they considered that it's too much of a job to take on a lot of protocols at the same time, so the emphasis has now been: let's get QUIC and HTTP/3 done first and consider other protocols after these ship. So once these ship, I'm sure there will be others who will join in and do other fun protocols on top of QUIC. So HTTP/3 is then HTTP over QUIC, and just to emphasize this again: this is changing
HTTP, but HTTP remains the same, but not the same, right? HTTPS: that's me and that's the server, and we still do requests like we've always done. There's a method in there, you know, the verb, GET, POST, PUT, and there's a path, and there are headers in the request, and there's a body in the request too if we do a POST or PUT, exactly like before. Most of us will just think HTTP is like this. And there's a response, you know, they're the same: there's the response code, there are headers and there's the body, like there's always been. And these are going to remain, and most of us will just stick to that and won't notice or care about any differences at all. But underneath, of course, HTTP/1 was an ASCII-based protocol over TCP, and in HTTP/2 we changed that to become a binary protocol with multiplexing over TCP, but with HTTP/3 we go back to having a simpler implementation, because now the streams are provided by QUIC, and of course it's binary.

So looking at the same thing, sort of stack-wise, next to each other: this is how your regular HTTP/2 stack looks, being IP, TCP, TLS and HTTP/2, right, very simple. And now we're introducing QUIC instead, not as simple then: since we can't introduce a new transport protocol we do everything over UDP, and we add QUIC on top of that, we use TLS 1.3 for encryption, and then we add HTTP/3 on top of that. That's HTTP/3 done over QUIC; QUIC uses TLS 1.3 internally, and I'll get back a little bit to the TLS situation soon.

And looking at the same data again, HTTP/2 versus HTTP/3, what's the difference really, sort of feature-wise, functionality-wise? They are very similar functionality-wise. With HTTP/3 there's no clear text; you can never speak it without encryption. There are independent streams in HTTP/3, so you can actually, you know, when the server delivers images to your browser, they can actually end up in the client in a different order than the server sent them, which is going to be fun, but still, since those streams are independent they can actually move independently of each other over the network. And because of their independence HTTP/3 has a new header compression format, because the HTTP/2 header compression format was relying on the streams being in that order, and now they're not. And there's server push, better early data and a much faster handshake: 0-RTT handshakes in HTTP/3, which basically means that if you have talked to the server before you can set up a new connection without any latency at all. So OK, is this good or bad? How is this
faster and it's a little bit hard to say now because because I put my slice in this order you don't know this yet but the Aesop III hasn't really been deployed much or use much yes so I don't have a lot of there's not a lot of number how hp3 actually works on in the wild so I'm using odd numbers here based on Google quit which is outside mentioned before it's a different protocol but this is it should be done over UDP so it's same basic fundamentals but differences so if you looking at those numbers as as before this is another protocol improvement that really really improves the situation to those who have the worst situation to begin with so if you are in the 99 percent percentile of Internet you're probably really sad position but quick makes it really improves things a lot for you and apparently a lot of less buffering on YouTube and they also proved that you can that you can take advantage of their fast handshakes very often which it was also sort of a concern how is this really really a viable idea but yes a lot of connections can actually be set up again very quickly and possibly three percent improvement on the average search page you know it isn't that much but I don't know I guess it's a small patient on average I don't know okay that is quick that is a cheap III and we have a world when we where we have HTTP
colon slash slash URLs everywhere right we in the beginning where should be - that was actually this discussion if we should make a new scheme for HTTP - so but pretty soon it was more or less agreed that no we can't change your world of URLs right we have a GPS : colons things on quite a lot of places they have to remain like that they have to function and we have to work with that so we have to design internet that can upgrade from whatever htps : / - if into the thing we actually want to talk but HTTP is spaced on TCP at least it has been right so TCP port 443 that's where we connect when we have an HTP s your or is it this is an area that hasn't really really been settled yet but I still explain how the specification says that we are going to upgrade to HB 3 that is by using an already existing header called old service basic SS use
this server over here talks this protocol, it's the same as me. And this is an already established header; we already introduced it years ago for HTTP/2, basically. So it says: this origin is also available on this server and this port with this protocol, which then could be the same, of course, but you could say, access this origin with this other protocol, and do it for a week or a month or a year or whatever. You have an expiry time, so you could do it for a minute, you could do it for a week. Ideally I would hope that we don't do it for minutes, but yeah. And there is also... no, I'll save that for the problems, some of the problems. But okay,
I'll take it here instead. So will HTTP/3 then deliver? Will this work, actually? Can we do this, will anyone get any benefits from this? And yeah, here start some of the problems. There are some
challenges with doing it like this. You know, I said yeah, we shouldn't introduce new things, we should build it on UDP, but that is also new, right? We haven't really had Internet-scale, wide, fast, high-speed transfers over UDP. A lot of data centers, a lot of organizations' networks, they will just throw away stuff that is too much UDP, throw it away. So somewhere around three to seven percent, I guess it depends on who you're asking, they will just never be able to set up a QUIC connection. So that's still quite a large number, right? So all clients basically talking HTTP/3 going forward, they will have to fall back to HTTP/2 or 1 for those three to seven percent of cases where you can't establish the connection. And it has this silly property then that the blocking of UDP, or the way UDP gets blocked, is going to be based on your network, right, not on the server or your client. So it'll be, you know, you shut down your laptop at home and you bring it to work, and then suddenly when you bring back Firefox it can't talk QUIC anymore because your work network is dropping it. So we're looking forward to a great new world where we're gonna have to race TCP connections with QUIC connections to make sure that we get the best one in all of the cases. I think a bit of an annoyance, but that's the reality. And I think of course, if HTTP/3 is actually a good thing, as I say, if, because I don't think it's been proven yet, so if it's a good thing, I think this will improve over time because all these organizations will actually help their users to get a better Internet, so they will actually have an incentive, I think, to actually fix the problems over time. QUIC is awesomely CPU intensive, which of course as a client might not matter much, right? If you're using a little more CPU when you download stuff, that's your browser. But on the server, we're talking about more than twice the CPU for the same bandwidth, which means for the server side of course
is a lot more CPU, and I think it's just two to three times the CPU right now. So this is, I would say, a major problem for server implementers to deploy HTTP/3 short term. Of course, I think this is, I'm not really a server guy, I'm not really into all these details, but this is partly because of a worse hardware offloading situation, because TCP and TLS have been done for a long time and we have sort of optimized this: we have optimized TCP stacks, we have optimized offloading to the hardware for all the crypto stuff, and now we're changing the protocol so the offloading is really off. So I think this will suddenly improve at the time when we get more hardware offloading, when we improve software more, because, interestingly enough, UDP is really slow in Linux, which is, yeah, we never really had to work on UDP because we didn't use UDP like this before, so it didn't really matter. But now it turns out that TCP is much better than UDP, which I think is a bit ironic since UDP is so much simpler, but there. So there's going to be more work to optimize UDP as well to make sure that UDP delivers as fast and smooth as possible. So of course you don't need to be better at this time; everything will get a bit better over time, of course. And a funny TLS layer. Okay, so TLS, you know, this is designed to work on top of TCP, and now this is a new transport protocol, it's not done over TCP, right? It's done over UDP, basically its own transport layer. So how do you implement TLS in your own transport layer? Well, in the QUIC working group they decided that they shouldn't use TLS records like they do over TCP, because you don't have to do it like that, so you extract the TLS messages and you transport those messages over QUIC. But there's not a single SSL library out there with APIs for this. Well, now there are, because some of these guys who were working on QUIC are also working on SSL libraries. So if, like Mozilla, the NSS library supports
it, then BoringSSL supports it, from Google, and a few other minor, less widely used libraries also support it. But for example a fairly popular library called OpenSSL, they haven't even started implementing an API for this; they basically wait for the specification to be done before they start working on this. Those TLS messages are one part, and then it also needs other secrets from the TLS layer that OpenSSL, for example, doesn't provide an API for. So we're in a funny situation here. And I don't know if you remember about HTTP/2, what severely held back the deployment of HTTP/2, it took a long time, you know, because when we shipped the HTTP/2 spec, all the server operators, they all said okay, how do we enable this? Yeah, we need this TLS extension called ALPN. How do we get that? It was standard, it existed in OpenSSL in a certain version, but an entire world was stuck on the older OpenSSL version, so it took a long time until servers started to upgrade to, I think it's OpenSSL 1.0.2. So it took a long time; it was a real hurdle for deployment. And now we're in a situation where OpenSSL doesn't even have the code yet, so it's not even close to the same level of problem that we had before; we haven't even introduced the problem yet. So yeah, we're a bit behind here. And yeah, some people are also implementing their library with a lot of different TLS implementations, and this makes everything even more of a mess right now. Right now in curl, for example, I have to pick one of these libraries that has support for this API and build the entire thing with that, and if I want to build with OpenSSL then I have to build with my own locally patched version of OpenSSL to be able to speak QUIC, which is a bit of an annoying situation. All user stacks are, oh sorry, all QUIC stacks are userland based. I mean they don't have to be, but they are, and I
guess they will basically remain that way. Which, I mean, this is a challenge more in the traditional aspect, that we will see, you know, different applications will link to different libraries and therefore there will be a mishmash of different versions, and we will have a fun future of debugging different applications working differently with QUIC because they have different behaviors. And there's no standard QUIC API either, so if you want to speak QUIC you pretty much have to get married to one of these APIs and use that, and it's not going to be that easy to change. In curl I support two different QUIC stacks to begin with. So there are some challenges, and there is also a slight lack of tooling. Well, you can actually use Wireshark already now to monitor most of QUIC, so sure, Wireshark is on the game, but of course, I mean, we've debugged and seen TCP for a very, very long time, you know, window sizes, segment numbers, everything; this changes, and so it's going to
take a while, I think. The spec is going to ship in July, that's the plan. I'm not sure if it will hold, but that's the plan. So okay, if the standard is going to ship in July, and we talked about all this, how is
the situation with implementations right now? When can we try this out, when will Firefox support it? Yeah, there are a lot of implementations, especially, I mean, QUIC implementations, not many HTTP/3 implementations, which one might argue is a bit worrying since we're going to ship it in July and we can't even do interop tests with HTTP/3 yet at this point in time. With HTTP/2 we had a lot of implementations, we could already run them on the Internet, we could already try out everything, but we're not there with QUIC and HTTP/3. All of these companies, basically all those mentioned in the earlier slides, they're all having their own implementations; Mozilla has one, a lot of these companies have their own, I think there's like 15 or 20-something different implementations. There hasn't been a single browser release yet with HTTP/3 enabled. Unfortunately I don't have any news either about Firefox, when the support is coming. I know that Patrick McManus has shown a Firefox running with HTTP/3, well no, it was at least QUIC support, so I know he's been working on that, not that he's still at Mozilla, but anyway. Google has said that they are probably going to have HTTP/3 support in Chrome in March; I mean, I guess that's some sort of developer version of Chrome. And there, I mean, the popular open-source servers, none of them have even said a word about HTTP/3, so I figure they are also not really there. And curl doesn't support it yet either, but I'm hoping to soon. HTTP/3 implementations are really behind, so there aren't even many HTTP/3 libraries to pick from, so I have a bit of a chicken-and-egg problem here, but I'm hoping to get there with curl within a month or so, maybe. So then I took out my crystal ball and looked
at the future, and I say that it will take some time until HTTP/3 is deployed, right? And I think it will grow slower because of all these problems, and it's not as big of a gain as HTTP/2 was, so maybe we'll just stick with HTTP/2 for a while. But QUIC is here for the long term; it's going to be the protocol for the future, so maybe it doesn't matter if HTTP/3 doesn't get deployed immediately, it'll come there over time.
So in the future we're going to see more things in QUIC. There's a huge number of issues that are sort of marked "work on this after v1 is released", so after v1 is released this summer I'm sure there will be a lot of persons working on new things to do with QUIC, QUIC v2. So I expect QUIC v2 to come within years, and there will be more application protocols that want to implement themselves over QUIC as a transport. Okay, so what comes: takeaways.
Just to repeat what I've said, if you were falling asleep: it is coming, seven areas, always encrypted. It is basically HTTP/2, sort of feature-wise, but it's done over QUIC instead, right? There are a lot of challenges; I think we will overcome them, but it will certainly be... there is more work. Live before summer? Yeah, maybe. So, no? Perhaps? Yeah, but I actually think it will happen, but we'll see at what kind of speed it will happen. I wrote a little document about
this called "HTTP/3 explained", if you want to read more about what I already explained to you now. That's it for me.
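The Alt-Svc upgrade step from the talk, as an added example that is not code from the talk or from curl: a parser for the header's entries (RFC 7838 syntax, with the `ma` expiry the talk mentions) and the client-side check that decides whether a remembered h3 alternative may still be tried or whether the client stays on TCP. The header value, host names and the draft ALPN id `h3-20` are constructed sample values, and the default 24-hour lifetime is the RFC 7838 default, not something from the talk.

```python
"""Parse Alt-Svc (RFC 7838) and decide whether a cached h3 alternative is still usable."""
from dataclasses import dataclass
from typing import List, Optional, Set

DEFAULT_MAX_AGE = 86400  # RFC 7838: an entry without "ma" is valid for 24 hours

# Constructed sample header: the server advertises HTTP/3 (draft id) for an hour,
# and h2 on the same port with the default lifetime.
EXAMPLE_HEADER = 'h3-20=":443"; ma=3600, h2=":443"'


@dataclass
class AltService:
    protocol: str  # ALPN protocol id, e.g. "h2" or a draft id such as "h3-20"
    host: str      # "" means "same host as the origin"
    port: int
    max_age: int   # seconds the client may keep using this alternative


def parse_alt_svc(value: str) -> List[AltService]:
    """Parse the header field value into alternatives, in the server's order."""
    services: List[AltService] = []
    if value.strip().lower() == "clear":
        return services  # the server withdraws every previously advertised alternative
    for entry in value.split(","):
        parts = [p.strip() for p in entry.split(";")]
        protocol, _, authority = parts[0].partition("=")
        authority = authority.strip().strip('"')
        host, _, port = authority.rpartition(":")
        if not protocol.strip() or not port.isdigit():
            continue  # malformed entry: ignore it rather than guess
        max_age = DEFAULT_MAX_AGE
        for param in parts[1:]:
            key, _, val = param.partition("=")
            if key.strip().lower() == "ma" and val.strip().isdigit():
                max_age = int(val.strip())
        services.append(AltService(protocol.strip(), host, int(port), max_age))
    return services


def select_alternative(services: List[AltService], supported: Set[str],
                       received_at: int, now: int) -> Optional[AltService]:
    """Return the first advertised alternative this client can still use, else None.

    `supported` is the set of ALPN ids the client speaks: a draft mismatch (server
    says h3-20, client only speaks h3-19) means no QUIC attempt is made at all.
    `received_at` and `now` are seconds; an entry expires after its max_age, after
    which the client is back to the plain TCP connection to the origin.
    """
    for svc in services:
        if svc.protocol in supported and now < received_at + svc.max_age:
            return svc
    return None


if __name__ == "__main__":
    advertised = parse_alt_svc(EXAMPLE_HEADER)
    print(select_alternative(advertised, {"h3-20", "h2"}, received_at=0, now=600))
```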
Thank you. [Applause] Thank you to Daniel. So, any questions? Okay.

Why is this so CPU hungry? Well, I think a large part of that is because of the lack of hardware offloading that we can do with TCP and TLS, so I think a lot of areas will be fixed with improved hardware going forward. Okay, any other questions for Daniel? Okay, yes, we have the time.

Like in your diagrams, you call it TLS 1.3 inside QUIC, when you throw away most of TLS 1.3 and just use bits and pieces of it, right? And then when you're gonna have a vulnerability there, everybody will turn off QUIC and go back to TLS, right? Well, maybe. Well, I mean, everyone is going to implement HTTP fallbacks anyway, right? Because, like, it seems to me like by merging together your encryption and application layer you're just opening yourself to be more vulnerable to future insecurities in your new protocol. Maybe, but I mean we're always talking about TLS here anyway, so we're already replacing TCP with TLS with QUIC, because I'm not sure TCP with TLS is, right, a better secure device than QUIC. Okay, just carry on. Okay.

Hi there, you mentioned multipath in one of the future potential features. Yes. Would you mind just elaborating on that a little bit, like as a user, might you see that being able to have Wi-Fi and 3G both downloading bits from the same website? Or... Yeah, exactly, multipath is basically about this, I think: two different paths over the network, so it could use different interfaces and transfer data over both at the same time, and it could actually use the same interface but just use different paths over the network. I mean, TCP multipath already exists, so multipath is not a new concept; it's just a concept that hasn't been implemented in QUIC v1, it's been saved for QUIC v-something else, so that's also... we can't really say anything about how it will turn out then, of course, because it hasn't been decided, so we'll just have to wait and see. QUIC has... I could just mention that
that QUIC already has a connection ID and is not actually tied to, you know, the regular TCP tuple, you know, with IP addresses and ports. So QUIC already has a really nice way to be able to transfer between interfaces, for example in a computer, without having to do any magic tricks that we have to do with TCP, because TCP is sort of stuck to the IP address. Any other question? Okay, that's good that you're sort of trying to be far away from each other.

First of all, thanks to you and thanks to the people from CERN for the HTTP first version. There is a fundamental change in the approach of transferring information from TCP to broadcast; broadcast lines, you don't mind about errors only, and broadcast is mainly known as television. Of course there is YouTube, of course there is a lot of, an increasing volume of data through images, through streams, but we have to remember that when you don't pay to access those kinds of data, meaning getting to YouTube, getting to Google, getting to all the mainstreamers, you are the product, meaning the information you transfer by requiring this content, the profiles they get from you within your daily moves, within what you do when you ask for information. And when you transfer privacy and security from the lower layers, meaning the equipment layers, to the user space, to you, you are the added value of the network. So... But still, you're not changing that nature by changing the protocol here; you're going to be the same product, or whatever you say. I mean, using HTTP/2 or HTTP/3, that kind of change, you're still the same person, you're using everything the same way, you're delivering the same information to the other end; it's not going to change that. But it's going to change the amount of information anyone in between can actually see, so you're actually going to reveal a little bit less in the networks. How do you mind a network? If you mind a network in peer-to-peer, if you mind a network in infrastructure mode with massive concentration of
information from the main players, you've just... Sure, but that's not something QUIC changes, is it? That's a different dimension, right? What you do with your connections: if you set it up to one single operator in the world, that operator will know everything; if everyone does that, that's true, but that's the same truth no matter how you do that connection. And we live in democracies, it is okay. The question is to put a trace on the whole Internet by going to broadcast. Okay, another question? Yes.

Is there a plan to have QUIC in the kernel, or is it possible? Yeah, sure, it's possible. I mean, I haven't seen anyone have that plan. I don't think the money is going there right now, at least, so yes. [Applause] Thank you.

So with encryption and everything, that means the transport layer needs to have access to certificates and stuff, so there's two questions I have. One is, what if I want to use different certificates for different sorts of traffic, because I might want to use different keys? And secondly, what if there are no certificates, how does it work? Sorry? What if there are no certificates at the endpoints? Well, you end up in a situation exactly like with TLS, I mean over TCP, so you have the same certificate situation as you already do when doing HTTPS. So sure, I mean, as a developer you can just, you know, work around certificate problems or whatever you're doing; this doesn't really introduce any new problems, we have those problems already. Any other questions? Yes, fortunately it's not far away.

Hello, thank you for introducing QUIC. Now, when I want to play with it, what would be the best libraries to start with, like the implementations? What are you betting on? Well, if you want to play with QUIC I would really recommend to just find the QUIC implementations wiki page, because it's a list with all the QUIC implementations that exist today. There
is only... they exist on this QUIC working group page where you can follow the links. And with curl I'm using two different QUIC libraries: I'm using the quiche library from Cloudflare, and I'm using the ngtcp2 library, which is from the same team that made nghttp2. So those are the ones I use, but there are many others; the Mozilla one is Mozilla's QUIC implementation, it uses NSS for encryption. So you can pick your own flavor, and they are available in many different languages for different platforms, different environments, so you can go there and play around already today. Any other questions? Are you sure? Okay, relax a little, in five
minutes we'll start again with the next talk.