Links for 2016-12-15

  • The hidden cost of QUIC and TOU

    The recent movement to get all traffic encrypted has of course been great for the Internet. But the use of encryption in these protocols is different than in TLS. In TLS, the goal was to ensure the privacy and integrity of the payload. It’s almost axiomatic that third parties should not be able to read or modify the web page you’re loading over HTTPS. QUIC and TOU go further. They encrypt the control information, not just the payload. This provides no meaningful privacy or security benefits. Instead the apparent goal is to break the back of middleboxes [0]. The idea is that TCP can’t evolve due to middleboxes and is pretty much fully ossified. They interfere with connections in all kinds of ways, like stripping away unknown TCP options or dropping packets with unknown TCP options or with specific rare TCP flags set. The possibilities for breakage are endless, and any protocol extensions have to jump through a lot of hoops to try to minimize the damage.

    (tags: quic tou protocols http tls security internet crypto privacy firewalls debugging operability)
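To make the quoted point concrete, the following is an added example (not from the linked article or this post) that parses a constructed TCP SYN and a constructed QUIC packet and lists what an on-path middlebox can actually read in each. It assumes the QUIC invariants of RFC 8999 (the long-header layout standardised later than this 2016 post; Google's QUIC of the time used a different wire format), and TCP option kind 253 is used here only as a stand-in for an option a middlebox does not recognise.

```python
import struct

# Constructed TCP SYN: 20-byte base header followed by 16 bytes of options.
TCP_OPTIONS = (
    b"\x02\x04\x05\xb4"      # MSS = 1460
    b"\x01"                  # NOP padding
    b"\x03\x03\x07"          # Window Scale = 7
    b"\x01\x01"              # NOP, NOP
    b"\x04\x02"              # SACK permitted
    b"\xfd\x04\x00\x01"      # kind 253 (experimental): an "unknown" option
)
TCP_SYN = struct.pack(
    "!HHIIBBHHH",
    40000, 443, 1, 0,                       # src port, dst port, seq, ack
    ((20 + len(TCP_OPTIONS)) // 4) << 4,    # data offset in 32-bit words
    0x02, 65535, 0, 0,                      # flags=SYN, window, checksum, urgent
) + TCP_OPTIONS

# Constructed QUIC long-header packet; only the RFC 8999 invariant fields
# are in cleartext, everything after them is opaque to the network path.
QUIC_PKT = (
    b"\xc0"                                        # header form bit: long header
    + b"\x00\x00\x00\x01"                          # version 1
    + b"\x08" + bytes.fromhex("a1b2c3d4e5f60718")  # DCID length, DCID
    + b"\x00"                                      # SCID length 0
    + b"\x5e" * 24                                 # stand-in for encrypted bytes
)

def parse_tcp_options(segment):
    """Return [(kind, value)] for each non-padding TCP option. Every kind and
    value is cleartext, so a middlebox can read, rewrite or strip any of them."""
    data_offset = (segment[12] >> 4) * 4
    opts, i = [], 20
    while i < data_offset:
        kind = segment[i]
        if kind == 0:                     # end of option list
            break
        if kind == 1:                     # NOP: one byte of padding
            i += 1
            continue
        length = segment[i + 1]
        if length < 2 or i + length > data_offset:
            raise ValueError("malformed TCP option at offset %d" % i)
        opts.append((kind, segment[i + 2:i + length]))
        i += length
    return opts

def parse_quic_invariants(pkt):
    """Return the only fields a middlebox can rely on parsing in QUIC."""
    if not pkt[0] & 0x80:                 # short header: DCID length is not
        return {"form": "short", "opaque_bytes": len(pkt) - 1}  # self-describing
    version = int.from_bytes(pkt[1:5], "big")
    dcid_len = pkt[5]
    dcid = pkt[6:6 + dcid_len]
    scid_len = pkt[6 + dcid_len]
    scid = pkt[7 + dcid_len:7 + dcid_len + scid_len]
    return {"form": "long", "version": version, "dcid": dcid.hex(),
            "scid": scid.hex(),
            "opaque_bytes": len(pkt) - (7 + dcid_len + scid_len)}
```

Running both parsers side by side shows the asymmetry: the TCP path sees (and can alter) MSS, window scale, SACK and the unknown option 253, while the QUIC path sees a version and connection IDs and 24 bytes it cannot interpret.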

  1. Posted December 17, 2016 at 13:23

    I had to replace my router because of QUIC. I had a Billion 7800N that served me well for years, however the Google app and some other Google services started timing out on me; yet when I disabled WiFi and went onto a mobile network, it started working again.

    I checked with my provider (local wireless guy) and he told me it wasn’t him, so I bought a used WRT1900ACS and lo and behold it all started working again. I still don’t know if it was the actual router or a combination of that and my provider’s network, but I suspect there are other less IT-literate people out there completely frustrated with wonky Google services. It seems a little ill-thought out, or rather well thought out for Google, with little thought for anyone else.

  2. Posted December 19, 2016 at 13:37

    I’ve had problems with Youtube in particular before, on several networks, so it’s not just you. I try to avoid UDP in general where possible!

  3. Posted December 19, 2016 at 15:43

    Yeah, YouTube gets worse instead of better!