TCP [HTTP/2] vs QUIC [HTTP/3]
QUIC is a next-generation, general-purpose transport protocol designed to improve upon the security, latency, and efficiency of TCP.
Brief history of QUIC
Initially designed and deployed by Jim Roskind at Google around 2012 and publicly announced in 2013, QUIC has come a long way. In 2018 the IETF's HTTP and QUIC Working Groups decided to call the HTTP mapping over QUIC "HTTP/3".
Since then, it has already been adopted by major browsers, including Chrome, Firefox, and Edge. It is also supported by major content delivery networks (CDNs), such as Cloudflare and Akamai.
Why was it long overdue in the first place?
According to Robin Marx, one of the developers/contributors invited as a guest on David Bombal's YouTube channel, QUIC was designed to address the known limitations of TCP (which is some 40 years old), such as connection setup latency, head-of-line blocking, and congestion/flow control. TCP and TLS/SSL routinely require one or more round-trip times (RTTs) during connection establishment.
QUIC uses UDP instead of TCP, which allows it to establish connections more quickly and reduces the number of round-trips required for data delivery. This can result in significant reductions in latency and improved throughput.
According to Google, QUIC can commonly reduce connection costs towards zero RTTs (i.e., send hello, and then send the data request without waiting).
It is also more secure than TCP, as it uses TLS for encryption and authentication. This means that QUIC connections are less likely to be intercepted or tampered with than TCP connections.
What are the security implications?
The security implications of this are twofold. First, QUIC is likely to become the preferred transport protocol for many applications, which could lead to a decrease in the use of TCP. This could have a negative impact on the security of the Internet as a whole, as TCP is more widely deployed and tested than QUIC. Second, the use of QUIC could lead to an increase in the number of attacks targeting UDP traffic, as attackers may attempt to exploit vulnerabilities in QUIC implementations.
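Since QUIC travels in UDP datagrams, a defender watching UDP traffic can recognise its handshake-phase packets, including the 0-RTT packets mentioned above, from the cleartext long header. The following is an added example, not part of the original article: it reads the long-header fields laid out in RFC 8999 and RFC 9000, and the function names and sample datagrams are constructed for illustration.

```python
import struct

QUIC_V1 = 0x00000001           # version number of QUIC v1 (RFC 9000)
LONG_TYPES = {0: "initial", 1: "0-rtt", 2: "handshake", 3: "retry"}
MIN_CLIENT_INITIAL = 1200      # RFC 9000 section 14.1: minimum client Initial datagram


def parse_long_header(datagram: bytes):
    """Read the cleartext long-header fields of a UDP payload, or return None."""
    if len(datagram) < 7 or not datagram[0] & 0x80:
        return None            # too short, or a short-header (post-handshake) packet
    (version,) = struct.unpack_from("!I", datagram, 1)
    pos, cids = 5, []
    for _ in range(2):         # destination connection ID, then source connection ID
        if pos >= len(datagram):
            return None
        length = datagram[pos]
        pos += 1
        if pos + length > len(datagram):
            return None        # length byte points past the end of the datagram
        cids.append(datagram[pos:pos + length])
        pos += length
    if version == 0:
        kind = "version-negotiation"
    elif version == QUIC_V1:
        if max(map(len, cids)) > 20:
            return None        # v1 endpoints drop connection IDs longer than 20 bytes
        kind = LONG_TYPES[(datagram[0] >> 4) & 0x03]
    else:
        kind = "unknown-version"   # long-header shape only; not proof of QUIC
    return {
        "kind": kind, "version": version,
        "dcid": cids[0].hex(), "scid": cids[1].hex(),
        # Meaningful for client-to-server traffic: servers discard smaller Initials.
        "undersized_initial": kind == "initial" and len(datagram) < MIN_CLIENT_INITIAL,
    }


def build_sample(first_byte, version, dcid, scid, total_len):
    """Constructed datagram: real header layout, zero-filled body (not real traffic)."""
    head = (bytes([first_byte]) + struct.pack("!I", version)
            + bytes([len(dcid)]) + dcid + bytes([len(scid)]) + scid)
    return head.ljust(total_len, b"\x00")


SAMPLES = {  # constructed inputs, not captured packets
    "client_initial": build_sample(0xC0, QUIC_V1, b"\xaa" * 8, b"", 1200),
    "short_initial": build_sample(0xC0, QUIC_V1, b"\xaa" * 8, b"", 60),
    "zero_rtt": build_sample(0xD0, QUIC_V1, b"\x01" * 8, b"\x02" * 4, 300),
    "dns_like": bytes.fromhex("1a2b01000001000000000000"),
}
```

Everything after these header fields is encrypted or header-protected, so this kind of check can label and count QUIC handshakes but cannot inspect their contents.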