Come for the speed, stay for the security | Cyber Security
Google’s campaign to nudge the web towards faster performance took a big step last month. Key personnel at the Internet Engineering Task Force (IETF) suggested basing the next version of a core protocol on technology that originated with the search giant.
The IETF is responsible for signing off many of the key standards underpinning the internet and the web. One of them is the hypertext transport protocol (HTTP), which is how browsers fetch web pages.
In 2013, Google introduced a new experimental protocol called Quick UDP Internet Connections (QUIC), that would make HTTP requests faster and more secure.
Google proposed the idea of running HTTP requests using QUIC in 2016. The IETF evolved the protocol, producing what amounts to its own version (sometimes called iQUIC, in contrast to Google’s gQUIC).
The IETF has been working on running HTTP over QUIC for a while. On 18 October, Mark Nottingham, chair of the HTTP and QUIC working groups, suggested that it was time to call that specification HTTP/3. This would, effectively, make it the next major version of HTTP, and it represents a significant change.
A QUIC-ker internet
QUIC seeks to make network connections faster by reducing the number of round trips that one computer has to make when downloading information from another over HTTP.
Round trips happen in HTTP requests because the client (typically the browser) has to establish a connection with the server. Think of it like asking a new work colleague for something. First, you have to introduce yourself, explaining who you are and what you do. Then you have to wait for them to greet you back and acknowledge you before you make your request. Later, after getting to know them, you could just pop your head round the door and say “hey, Derek, can I borrow that file?” And Derek would just hand it over because he knows you and trusts you. QUIC works the same way.