@@ -375,6 +375,112 @@ discuss below.
3753756.4 QUIC, HTTP/3 and TLS
376376------------------------
377377
378- 6.5 User Experience with HTTPS
378+ Since the invention of the World Wide Web in the 1990s, HTTP has run
379+ over TCP. HTTP/1.0, the original version, had quite a number of
380+ performance problems due to the way it used TCP, such as the fact that
381+ every request for an object required a new TCP connection to be set up
382+ and then closed after the reply was returned. HTTP/1.1 was proposed at
383+ an early stage to make better use of TCP. TCP continued to be the
384+ protocol used by HTTP for another twenty-plus years.
385+
386+ Adding security to HTTP-over-TCP in the form of SSL and TLS further
387+ exacerbated performance issues, even as advancements to HTTP mitigated
388+ some of the orginal problems. As noted in the preceding section, it
389+ takes at least one round trip time to establish a secure TLS
390+ session. The relatively recent introduction of 0-RTT data reduces the
391+ latency before the first data can be sent; it also comes with some
392+ security drawbacks as we observed above.
393+
394+ Of course, the time required to set up a secure session with TLS in
395+ *in addition * to the time need to set up a TCP connection. TCP needs
396+ to complete its 3-way handshake before the first TLS handshake
397+ message-which is just data as far as TCP is concerned-can be sent. So
398+ the sequence of events was:
399+
400+ - Client initiates TCP 3-way handshake to establish TCP session.
401+
402+ - TLS handshake establishes security parameters for client-server
403+ communication.
404+
405+ - First HTTP message gets sent from client to server.
406+
407+ In other words, in the original TLS-over-TCP model it would take at
408+ least three RTTs to get a response to a single HTTPS request. In fact
409+ up until TLS 1.3 arrived it was at least four RTTs due to the use of
410+ two RTTs to complete the TLS handshake.
411+
412+ This is not the only problem with running HTTP over TCP. A reliable,
413+ ordered byte stream as provided by TCP isn't exactly the right model
414+ for Web traffic. In particular, since most web pages contain many
415+ objects, it makes sense to be able to request many objects in
416+ parallel, but TCP only provides a single byte stream. If one packet is
417+ lost, TCP waits for its retransmission and successful delivery before
418+ continuing, while HTTP would have been happy to receive other objects
419+ that were not affected by that single lost packet. Opening multiple
420+ TCP connections would appear to be a solution to this, but that has
421+ its own set of drawbacks including a lack of shared information about
422+ congestion across connections.
423+
424+ Other factors such as the rise of high-latency wireless networks and
425+ the availability of multiple networks for a single device (e.g., Wi-Fi
426+ and cellular) contributed to the realization that the transport layer
427+ for HTTP would benefit from a new approach. The protocol that emerged
428+ to fill this need was QUIC.
429+
430+ In this section we will focus on how QUIC particularly improves the
431+ performance of TLS compared to running over TCP. QUIC is quite a
432+ comprehensive re-working of the transport layer that could fill its
433+ own book-indeed the set of RFCs that define it run to the hundreds of
434+ pages.
435+
436+
437+
438+ QUIC originated at Google in 2012 and was subsequently developed as a
439+ proposed standard at the IETF. It has already seen a solid amount of
440+ deployment—it is in most Web browsers, many popular websites, and is
441+ even starting to be used for non-HTTP applications. Deployability was
442+ a key consideration for the designers of the protocol. There are a lot
443+ of moving parts to QUIC—its specification spans three RFCs—but we
444+ focus here on how it changes the relationship between TLS and the
445+ underlying transport.
446+
447+ The single most important change in QUIC from the perspective of TLS
448+ performance is that it doesn't treat the transport and security
449+ handshakes as two distinct layers. Insteady, QUIC has build a
450+ cryptographic handshake based on TLS into the transport. This is
451+ illustrated by Figure foo.
452+
453+
454+
455+
456+ .. more to come
457+
458+
459+
460+
461+ protocols. Many of the limitations of TCP have been known for decades,
462+ but QUIC represents one of the most successful efforts to date to
463+ stake out a different point in the design space. Because QUIC was
464+ inspired by experience with HTTP, TLS, and the Web—which arose long after
465+ TCP was well established in the Internet—it presents a fascinating
466+ case study in the unforeseen consequences of layered designs and in
467+ the evolution of the Internet. There is a lot more to it that we can
468+ cover here. The definitive reference for QUIC is RFC 9000, while a
469+ more readable overview of the protocol and its deployment is reported
470+ in this paper from SIGCOMM 2017.
471+
472+
473+ .. _reading_quic :
474+ .. admonition :: Further Reading
475+
476+ A. Langley *et al. *
477+ `The QUIC Transport Protocol: Design and Internet-Scale Deployment
478+ <https://research.google/pubs/the-quic-transport-protocol-design-and-internet-scale-deployment/> `__.
479+ SIGCOMM 2017.
480+
481+
482+
483+ 6.5 A Systems View of TLS
379484------------------------------
380485
486+ .. talk about how user sees things from browser
0 commit comments