HTTP/3.0 received the status of "Proposed Standard"


The IETF (Internet Engineering Task Force), which develops the protocols and architecture of the Internet, recently announced that it has completed the RFC for the HTTP/3.0 protocol and published the related specifications under the identifiers RFC 9114 and RFC 9204.

The HTTP/3.0 specification received the status of "Proposed Standard", after which work will begin to give the RFC the status of Draft Standard, which in practice means the protocol is fully stabilized and all comments made have been taken into account.

The HTTP/3 protocol defines the use of the QUIC protocol (Quick UDP Internet Connections) as transport for HTTP/2. QUIC is a layer on top of the UDP protocol that supports multiplexing of multiple connections and provides encryption methods equivalent to TLS/SSL.

The protocol was created in 2013 by Google as an alternative to TCP + TLS for the Web, solving the problem of long connection setup and negotiation time in TCP and eliminating delays due to packet loss during data transfer.

Currently, QUIC and HTTP/3.0 support is already implemented in all popular web browsers. On the server side, implementations of HTTP/3 are available for nginx (in a separate branch and as a separate module), Caddy, IIS and LiteSpeed. HTTP/3 is also supported by Cloudflare's Content Delivery Network.

Main features of QUIC:

  • High security, similar to TLS (in fact, QUIC provides the ability to use TLS over UDP)
  • Transmission integrity control to prevent packet loss
  • The ability to establish a connection instantly and ensure minimal delays between sending a request and receiving a response (RTT, round trip time)
  • Use of a different sequence number when retransmitting a packet, which avoids ambiguity when identifying received packets and gets rid of timeouts
  • Losing a packet affects the delivery of only the stream associated with it and does not stop the delivery of data in streams transmitted in parallel over the current connection
  • Error correction tools that minimize delays due to retransmission of lost packets. Use of special packet-level error correction codes to reduce situations that require retransmission of lost packet data.
  • Cryptographic block boundaries are aligned with QUIC packet boundaries, reducing the impact of packet loss on decoding the content of subsequent packets
  • No TCP queue blocking problems
  • Connection identification support to reduce reconnection time for mobile clients
  • Ability to plug in advanced congestion control mechanisms
  • Use of bandwidth prediction techniques in each direction to ensure optimal packet forwarding rates, avoiding congestion conditions where packets are lost
  • Notable performance gains over TCP. For video services like YouTube, QUIC has been shown to reduce video buffering operations by 30%.

At the same time, updated versions of the specifications for the HTTP/1.1 (RFC 9112) and HTTP/2.0 (RFC 9113) protocols were published, as well as documents that define the semantics of HTTP requests (RFC 9110) and HTTP caching control headers (RFC 9111).

Among the changes in the HTTP/1.1 specification, the most notable is the ban on using the carriage return character (CR) on its own outside the message body: in protocol elements, the CR character can only be used together with the line feed character (CRLF).

The chunked request layout algorithm has been improved to simplify the separation of attached fields and sections with headers. Guidelines have been added for handling ambiguous content in order to block "HTTP Request Smuggling" class attacks, which can intrude on the content of other users' requests in the flow between frontend and backend.
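The sketch below is an added example, not code from the RFCs or from the original article. It shows how a frontend could reject a request head that contains a bare CR or ambiguous framing headers before forwarding it. The function name `check_request_head`, the choice of Content-Length/Transfer-Encoding checks and the sample requests are assumptions made for illustration.

```python
import re

BARE_CR = re.compile(rb"\r(?!\n)")  # a CR that is not the first half of CRLF

def check_request_head(raw: bytes) -> list:
    """Return reasons to reject an HTTP/1.1 request head (empty list = accept)."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["incomplete head: no CRLF CRLF terminator"]
    problems = []
    # Protocol elements (everything before the body) may use CR only in CRLF.
    if BARE_CR.search(head):
        problems.append("bare CR in protocol element")
    lengths, has_te = set(), False
    for line in head.split(b"\r\n")[1:]:      # [0] is the request line
        name, colon, value = line.partition(b":")
        if not colon or not name or name != name.strip():
            problems.append("malformed field line")
            continue
        if name.lower() == b"content-length":
            lengths.update(v.strip() for v in value.split(b","))
        elif name.lower() == b"transfer-encoding":
            has_te = True
    # Two framing signals that disagree let a frontend and a backend
    # split the byte stream differently, so treat them as ambiguous.
    if has_te and lengths:
        problems.append("both Transfer-Encoding and Content-Length present")
    if len(lengths) > 1:
        problems.append("conflicting Content-Length values")
    if any(not v.isdigit() for v in lengths):
        problems.append("non-numeric Content-Length")
    return problems

# Constructed sample requests (not captured traffic).
GOOD = b"POST /upload HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello"
BARE = b"GET / HTTP/1.1\r\nHost: example.test\r\nX-Note: a\rb\r\n\r\n"
BOTH = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n"
        b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("good", GOOD), ("bare CR", BARE), ("CL+TE", BOTH)):
        print(label, "->", check_request_head(req) or "accept")
```

A CR inside the body is left alone, since the restriction applies only to protocol elements.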

The update to the HTTP/2.0 specification explicitly defines support for TLS 1.3, deprecates the prioritization scheme and its related header fields, and deprecates the mechanism for upgrading a connection from HTTP/1.1.

Finally, if you are interested in knowing more about it, you can consult the details in the following link.

