+4 votes
142 views
in Technical issues by (242k points)
reopened
HTTP / 3: the keys to the new hypertext transfer protocol

1 Answer

+5 votes
by (1.6m points)
edited
 
Best answer

What is HTTP / 3?
What does HTTP / 3 contain?
What functions does HTTP / 3 have?
What are the advantages of HTTP / 3?
HTTP / 2 vs. HTTP / 3: differences and similarities
What problems can HTTP / 3 bring?

image

HTTP / 3: the keys to the new hypertext transfer protocol

HTTP / 3 is the newest member of the HTTP protocol family and has arrived to replace its predecessors HTTP / 1, HTTP / 2, and HTTP-over-QUIC. HTTP / 3 is currently under development, but has already been implemented in Google Chrome, Microsoft Edge, and Firefox browsers, as well as Safari since April 2020..

The third generation of the HTTP standard was originally born as HTTP-over-QUIC and, as an experimental protocol, was based on UDP. At first, HTTP-over-QUIC was considered as a potential replacement for HTTP / 2, but since January 2020 this project has officially moved forward under the name HTTP / 3. Now we just have to wait and see how quickly the new standard is imposed. In any case, HTTP / 3 promises to reduce loading time and increase security thanks to data transfer over UDP . However, although 80% of browsers are compatible with HTTP / 2 since its publication in 2015, its use by providers is progressing slowly, which makes us think that HTTP / 3 will not be received with open arms either.

Index
  1. What is HTTP / 3?
  2. What does HTTP / 3 contain?
  3. What functions does HTTP / 3 have?
  4. What are the advantages of HTTP / 3?
  5. HTTP / 2 vs. HTTP / 3: differences and similarities
  6. What problems can HTTP / 3 bring?

What is HTTP / 3?

In November 2018, just three years after introducing the HTTP / 2 standard, the Internet Engineering Task Force (IETF) published the new HTTP / 3 hypertext transfer protocol standard. But the IETF did not discover anything new with this new protocol: it only knew how to recognize the signs of our time and conceived a web protocol that offered faster data transfer, increased security and more efficient connections. Back in 2012, Google had developed the true successor to HTTP / 2, called QUIC (Quick UDP Internet Connections) and implemented it as HTTP-over-QUIC in a variety of products..

In any case, the HTTP / 3 standard encompasses the advantages of the existing HTTP / 2 and HTTP-over-QUIC transfer protocols, achieving faster and more stable data transfer. If all goes according to plan, HTTP / 3, which follows a QUIC or UDP-based approach , will replace HTTP / 2, based on TCP.

What does HTTP / 3 contain?

To understand the mechanics of HTTP / 3, you first need to understand how QUIC, UDP, and HTTP / 2 work , as HTTP / 3 is basically an amalgamation of these components. The very name HTTP-over-QUIC already indicates that the data transfer is not done by TCP, but by UDP..

HTTP / 2 uses TCP as the most widespread transfer protocol on the internet. TCP establishes connections through multi-phase handshakes and transfers data packets chronologically; furthermore, a transfer only proceeds if a packet has been transmitted successfully. The security of transfers is given through so-called acks , that is, request and delivery confirmations and verification numbers . The data transferred by TCP contains a header with parameters that help the sender's processes to connect with the receiver's peer processes .

When it comes to complete data transfer, TCP is very reliable. However, the same cannot be said for data congestion. and loading times, because when a data packet is lost , all transfers stop until it arrives. With HTTP / 2, the Internet protocol family reached its limit, because it was not possible to speed up data transfer without a new protocol.

Therefore, Google took the initiative and developed QUIC , its own transfer protocol. QUIC avoids TCP load congestion by resorting to UDP transfer, which is based on datagrams and requires no connection. Like TCP, UDP works at the transport layer, but instead forgoes sender and receiver acknowledgments . Each transfer does not have to wait for the previous one, and the roundtrip between client and server is shortened considerably. The IETF recognized the benefits of this new protocol and introduced it in 2018 as HTTP-over-QUIC, the version that replaced HTTP / 2.

Basically the HTTP transport protocol remains the same. It is still composed of a header ( header ) and a message body ( body ), and uses verbs, cookies and cache. The difference lies in the way the data is transferred and the availability of built-in encryption.

What functions does HTTP / 3 have?

For the HTTP / 2 protocol to work over QUIC, specific functions had to be modified (using the experimental HTTP-over-QUIC), which led to the creation of HTTP / 3.

The most important new feature of the third generation of HTTP is the exclusive use of URLs of type HTTPS . Any outdated and dubious URLs are marked as not secure and / or not encrypted. Using QUIC and UDP, HTTP / 3 overrides the TLS encryption pass at the TCP level and uses TLS 1.3 encryption automatically . Therefore, HTTP / 3 can only be applied if there is an encoding.

Other new functions are the constant connection in case of change of network during the transfer (by the client or the server), the notable reduction of data packets thanks to the fact that the packet transfer is done in parallel, and a forward error correction , that is, a correction of errors that already takes place at the QUIC level.

What are the advantages of HTTP / 3?

The benefits of HTTP / 3 are increased transfer speed, reduced load times, and a more stable connection. Because it is based on UDP, HTTP / 3 addresses the weaknesses of TCP and takes full advantage of HTTP / 2 and HTTP-over-QUIC.

As HTTP / 2 uses multiplexing, that is, the simultaneous download of data, this second generation of HTTP is affected by head-of-line-blocking . We are talking about digital funnels that are responsible for interrupting all transfers when a package is lost in one of them. In contrast, when using UDP, HTTP / 3 does not wait for the transfer to complete, but continues the upload process.

HTTP / 3 waiver of handshakes preliminary verifying the security of the connection. Instead of delivering security requests to the upper TLS layer, the encryption takes place directly through the transfer protocol. HTTP / 3 reduces the duration of the connection establishment from two steps to one.

To complete a successful download, HTTP / 3 does not depend on ((IP addresses | server / knowhow / was-ist-das-internet-protocol-definition-von-ip-co /), but instead uses individual connection ids that make constant download possible even in case of network change.

Above all, for mobile device users, HTTP / 3 improves browsing comfort thanks to a more stable, flexible and faster connection.

HTTP / 2 vs. HTTP / 3: differences and similarities

Here is a brief summary of the differences and similarities between HTTP / 2 and HTTP / 3.

Differences:

  • HTTP / 3 is based, unlike HTTP / 2, on UDP and not TCP.
  • Through built-in TLS 1.3 encryption, HTTP / 3 forgoes additional encryption requests ( handshakes ) at the TLS level and avoids unnecessary security requests.
  • Due to the built-in TLS 1.3 encryption, HTTP / 3 only supports encrypted connections, quite the opposite of HTTP / 2.

Similarities:

  • Both protocols use header compression . HTTP / 3, on the other hand, replaces the HPAck compression related to HTTP / 2 with Qpack in an ordered list of packages.
  • Like HTTP / 2, HTTP / 3 supports server push notifications , that is, the accelerated delivery of CSS and JavaScript data required for the browser to display a page.
  • Both protocols use request / response multiplexing, that is, the parallel transfer of data from different sources.
  • Transfer prioritization ensures that page content is loaded with priority in both protocols without having to wait for other requests to complete.
Note

For a long time, HTTP / 2 was considered an efficient and reliable transfer protocol. To learn more about this pre-HTTP / 3 protocol and the improvements it offered in terms of security and connection speed, visit our article on HTTP / 2.

What problems can HTTP / 3 bring?

Many critics of HTTP / 3 claim that very little time has passed between this third version and the HTTP / 2 protocol, and they regard UDP as a network protocol lacking. In addition, the users especially those who benefit from this new HTTP protocol, but the suppliers are facing certain challenges when changing TCP and UDP and TLS to QUIC.

As security control and encryption are not done via TLS, but directly via UDP, and UDP has to send as many packets in the shortest time possible, providers fear that data traffic cannot be thoroughly checked due to the absence of TLS authentication . Therefore, the risks to the security of applications and data is a point highly criticized by Internet providers. Thanks to the clear request-response regulation, TCP was considered a reliable and connection-oriented protocol. As QUIC itself takes many intermediate steps, the suspicion remains as to whether the provider's control options are limited by HTTP / 3 , and whether the risk of malware entering the data stream is greater.

As the increasing supply of multimedia files, such as images, videos and other elements of social networks, demands more speed in data transfers, users can only hope that the family of Internet protocols advances as soon as possible and that providers can keep up with the constant and increasingly rapid evolution of the internet.


...