HTTP/3 Evolution
11 Feb 2019

HTTP/3 – The Next Evolution

HTTP/3 will be the next evolution in the protocol that changed the world. From humble beginnings in 1991 with the release of HTTP/0.9 to the current standard of HTTP/2, the HyperText Transfer Protocol (HTTP) has transformed both business and society forever.

HTTP has seen very few version changes over the years. HTTP/1.1, released in 1999, remained the standard version for 16 years until HTTP/2 became the new convention in 2015. However, with the continually evolving demands of the web, the Internet Engineering Task Force (IETF) has announced the delivery of the new protocol standard.

What is HTTP/3?

HTTP/3 is HTTP reworked to use the User Datagram Protocol (UDP) instead of the Transmission Control Protocol (TCP). The new standard is effectively a rename of HTTP-over-QUIC, an experimental protocol developed by Google that combines HTTP/2, TCP, UDP, and Transport Layer Security (TLS).

In 2015, researchers proposed Quick UDP Internet Connections (QUIC) as a draft standard to the IETF. HTTP-over-QUIC followed a year later, effectively a rewrite of HTTP on QUIC in place of TCP. Google started supporting the new protocol in Chrome 29 and also backed it on its server infrastructure. Over the past few years, other organizations have also adopted HTTP-over-QUIC due to the protocol’s speed and security benefits.

The Benefits of QUIC

The speed and performance of the Internet have always been a critical user experience metric. However, in today’s digitally driven online world, performance is vital. The exponential growth in the number of services we depend on every day, as well as the increasing number of users accessing those services, is well beyond the initial scope of the Internet envisaged in 1991.

DARPA developed the Internet to provide a failsafe network ensuring the US military could communicate in the event of nuclear war. As redundancy and resilience were a vital part of this architecture, the protocol created to make this possible was TCP. TCP’s primary benefit is reliability. It ensures that two nodes can communicate by performing a three-way handshake. The initiator sends a synchronize (SYN) packet to the recipient, which the recipient then recognizes by sending back a synchronize-acknowledgment (SYN-ACK) packet. The initiator then finalizes the connection by sending a final acknowledge (ACK) packet. Although this process increases reliability, it reduces efficiency.

The performance of HTTP over TCP is further impacted when data transmission requires encryption. Once the initial TCP three-way handshake completes, TLS also needs to perform its own handshake to create the encrypted tunnel between the initiator and the recipient.

Improved Performance

Unlike traditional HTTP, HTTP/3 uses QUIC, which is layered over UDP, as its primary communication protocol. UDP sacrifices reliability to increase session performance. Whereas TCP requires a three-way handshake, UDP simply broadcasts packets to its intended destination and does not need confirmation from its recipient before commencing the data transmission process. This broadcast mechanism makes it an appealing choice for applications that require extremely low latency. Services like audio or video that need almost zero delay in data transmission to ensure a superior user experience are excellent examples of online solutions that demand this feature.

Uninterrupted Connectivity

Another benefit UDP offers is near-seamless data transmission in poor networking conditions. With TCP, should the data session lose a packet between source and destination, TCP holds the entire data transmission until the lost packet is received. The reason for this action is TCP’s dependence on packet order. The protocol dictates that packets need to be sent in a particular sequence. Should the recipient not receive a packet, the data transmission is halted until the correct packet is received.

UDP, on the other hand, is not dependent on packet order. QUIC leverages this protocol benefit and layers stream multiplexing over UDP. Using this mechanism, it improves performance as only the contents of the individual streams need to be ordered. In this way, should a single stream lose a packet, just that stream is delayed. The primary data connection remains active, ensuring that the unaffected streams can continue without being hindered by a single lost packet.
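The difference between connection-wide ordering and per-stream ordering can be seen in a small simulation. This is an added example, not code from any QUIC or TCP implementation: it models three streams multiplexed over one connection, with a constructed packet trace, abstract time ticks, and hypothetical function names.

```python
"""Simplified model of head-of-line blocking (added illustration)."""

def make_arrivals(n_streams=3, chunks=3, lost_seq=1):
    """Constructed trace of (tick, seq, stream, offset).
    Packet `seq` arrives at tick == seq, except `lost_seq`, whose
    retransmission only arrives after every other packet."""
    total = n_streams * chunks
    trace = []
    for seq in range(total):
        tick = total if seq == lost_seq else seq
        trace.append((tick, seq, seq % n_streams, seq // n_streams))
    return sorted(trace)  # order of arrival at the receiver

def completion_times(trace, chunks, per_stream_ordering):
    """Return {stream: tick at which its last chunk reached the application}.

    per_stream_ordering=False: one ordered sequence for the whole connection
    (streams multiplexed over TCP). True: each stream ordered independently
    (the QUIC approach described above)."""
    buffered = {}       # (ordering domain, index) -> stream, waiting for a gap
    next_expected = {}  # ordering domain -> next index that may be delivered
    delivered = {}      # stream -> number of chunks handed to the application
    done = {}
    for tick, seq, stream, offset in trace:
        domain, index = (stream, offset) if per_stream_ordering else ("conn", seq)
        buffered[(domain, index)] = stream
        nxt = next_expected.get(domain, 0)
        # Release everything that is now contiguous within this domain.
        while (domain, nxt) in buffered:
            s = buffered.pop((domain, nxt))
            delivered[s] = delivered.get(s, 0) + 1
            if delivered[s] == chunks:
                done[s] = tick
            nxt += 1
        next_expected[domain] = nxt
    return done

if __name__ == "__main__":
    trace = make_arrivals()
    print("connection-wide ordering:", completion_times(trace, 3, False))
    print("per-stream ordering:     ", completion_times(trace, 3, True))
```

With connection-wide ordering every stream finishes only when the retransmitted packet arrives; with per-stream ordering only the stream that lost the packet waits.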

A Platform for Innovation

The other limitation of TCP is its implementation in the OS kernel. As a result, making changes to the TCP protocol requires users to update their operating system. This requirement limits how frequently changes can be made to the TCP stack. QUIC, on the other hand, leverages UDP that is typically utilized and implemented in apps and services. This feature means any new update only requires the user to download the latest version, which is far easier and more flexible than a full OS kernel update. As a result, innovation can occur more rapidly when HTTP/3 is the protocol in use.

Enhanced Security

Security is baked into HTTP/3, which leverages TLS as part of the HTTP-over-QUIC implementation. This security-by-default deployment means encrypted traffic over HTTP/3 is much faster. As HTTP/3 leverages the broadcast benefits of UDP as opposed to the three-way handshake reliability of TCP, encrypted sites load more quickly on this protocol.

An indirect benefit of HTTP/3’s use of TLS is that it will apply pressure on website operators to upgrade their site security to TLS 1.3. Forcing sites to upgrade to the latest TLS standard will speed up the experience for all users. As TLS 1.3 improves the speed of encrypted connections with features such as TLS false start and Zero Round Trip Time, users who are still connecting via HTTP/2 will also enjoy faster site load times.

HTTP/3 Promises a Faster and More Secure Experience

The announcement by the IETF that it will adopt HTTP-over-QUIC as the standard for HTTP/3 promises to bring greater speed and security for Internet users. Leveraging the broadcast, speed, and continuous data transmissions of UDP, this new standard will increase the rate of innovation and lower network congestion as we consume more services and generate more data. The added benefit of baked-in security using the latest version of TLS also offers enhanced protection and will provide speed improvements in encrypted connections for every user of the Internet.