What is HTTP/3 and when will the standard be released?

The Hypertext Transfer Protocol (HTTP) refers to a protocol for transferring data in computer networks at the application layer - abstracted between different applications. For the transport between network components, data protocols such as the Transmission Control Protocol (TCP) and the underlying Internet Protocol (IP) are used. A considerable amount of all Internet communication still takes place using the versions 1.0 and 1.1 created before the turn of the millennium, although since its official introduction in May 2015 HTTP/2 has increasingly established itself as the standard. In relatively short succession, HTTP/3 followed in November 2018, aiming to offer higher speed and security, as well as better efficiency.

What are the basics of HTTP/3?

HTTP/3 is by no means a simple evolution; rather, it represents a new approach that Google has been experimentally pursuing since 2012, now turned into a general standard. It differs significantly in some aspects from previous methods, combining the features of HTTP/2 with the User Datagram Protocol (UDP), which is already 40 years old. Google actively developed its own specification of the Quick UDP Internet Connections (QUIC) protocol based on this widely used protocol, also used for queries within the Domain Name Systems (DNS). On the other hand, HTTP/2's foundations were adopted, including header compression, multiplexing for parallel streaming of data of different origins such as images, videos, or text, and prioritisation of data streams, favouring files like CSS and JavaScript if they are essential for page rendering.

What are the differences between HTTP/2 and HTTP/3?

A key shift from HTTP/2 to its successor HTTP/3 is the move away from using TCP for transmission, instead relying solely on QUIC. The hallmark of HTTP/2 and older versions was the TCP-driven communication, strictly sequential through multi-step handshakes between server and client. All data packets are transmitted incrementally and their reception follows a predetermined order, meaning a single lost packet can disrupt the transmission. In contrast, UDP and its derivative QUIC operate connectionlessly. There is no verification of successful delivery, only - if necessary - a checksum for packet and overall transmission integrity. This approach eliminates data congestion caused by missing packets that would require retransmission, significantly impacting speed.

Additionally, QUIC and therefore HTTP/3 mandate encryption above the Transport Layer Security (TLS) protocol used for websites in HTTPS, version 1.3 or higher. Unlike HTTP/2, encryption is no longer handled by an external entity at the TCP protocol level but is tightly integrated into QUIC, forming the foundation for successful communication. For larger downloads, identification is no longer based on IP addresses but on an individual ID assigned to the user. This allows HTTP/3 to seamlessly continue downloads and streams even when switching networks - such as a mobile device moving between different cell towers - without interruption or reconnection.

When will HTTP/3 establish itself as the new standard?

Current browsers already support HTTP/3 as a standard. However, the transition poses a major challenge for providers who need to implement this change in their infrastructure. Some of them also see security issues, fearing that the integrated encryption could weaken the previously clear control of data traffic due to the lack of TLS authentication. It is therefore possible that HTTP/3 may hinder the work of providers if they want to block malware, DDOS attacks, or fake packets in the context of cyber attacks. A widespread adoption is therefore expected at best in the medium term, which is why HTTP/2 is likely to remain in use at least partially for many years to come. This is evidenced by the fact that even after more than 20 years, HTTP 1.0 and 1.1 are still used on many websites. The usage in local networks has even increased, as many IoT devices with simple web interfaces simply do not have sufficient computing power to enable efficient encryption of connections.

Compare web hosting with HTTP/2 support

Photo: Gerd Altmann on Pixabay