HTTP/3, the third official version of the Hypertext Transfer Protocol (HTTP), does not use the Transmission Control Protocol (TCP) as its predecessors did. Instead, it uses the Quick UDP Internet Connections (QUIC) protocol developed by Google in 2012.
QUIC is a transport layer protocol based on a multiplexed version of User Datagram Protocol (UDP) connections. Unlike TCP, UDP has no three-way handshake; a single UDP round trip is used instead. Because QUIC uses UDP for every connection between the user agent and the web server, it considerably improves the network performance of any web component. QUIC also relies on multiplexing to manage multiple interactions between the user agent and the server over a single connection without any one blocking another, which further improves performance compared to its predecessors.
With several benefits from the performance and reliability perspective, HTTP/3 is considered the right way to go. From the security and privacy perspective, both benefits and limitations exist, and most have been extensively detailed in the research literature. This article describes the benefits provided by HTTP/3 and some security considerations that must be taken into account.
End-to-end encryption
With TCP, the payload is encrypted during transmission, but the transport-specific information is still unencrypted, which raises many security and privacy issues. The countermeasures designed and implemented to prevent the resulting attacks do not live in the TCP stack but in the network appliances and middleboxes that handle the protocol and the network. Additionally, the parsers built into load balancers and other network appliances to overcome these issues have serious performance problems, and they may limit the future expansion of networks that are evolving rapidly and depend on speed and reliability.