Security Implications of QUIC
Paul Vixie 🗣 | Ben April
The Internet has long served as the Web’s communications substrate, and historically that has meant TCP/IP. TCP is a clear text reliable stream protocol which predates the Web by about two decades and is usually implemented in the operating system’s kernel. Starting in 2013, the Web community has reconsidered the use of clear text protocols and kernel resident protocols. The result is QUIC, a fully encrypted protocol intended to be implementable at the application layer. Adoption of QUIC will radically alter the security profile and performance characteristics of managed private edge networks including home and enterprise, for both Web servers and Web clients. Let’s discuss.