HTTP/3 and QUIC: Who, what, where, when and, WHY? by Robin Marx

The new HTTP/3 and QUIC protocols are taking the world by storm, accounting for over 25% of worldwide Internet traffic in July 2024. While these new technologies carry a plethora of (still somewhat unproven) promises for improved performance and privacy/security, this comes at the cost of increasing complexity, and not everyone agrees the juice is worth the squeeze.In this session we look at the historical context for the new protocols to better understand where they come from. We discuss some of the new performance and especially security features (for example connection migration, 0-RTT handshakes, head-of-line-blocking removal, amplification prevention, …) and the inherent tradeoffs that are made within. We also look at some “funny” anecdotes of things that have gone wrong while trying to deploy the new protocols at scale (spoiler alert: from now on, it’s no longer “always DNS”).You will walk away with a better overall understanding of why the protocols were needed, where and when they can be useful, and how they might be useful to you, now and in the future.