HTTP over UDP?
Posted: Tue Nov 13, 2018 5:09 pm
NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/
This seems like a potential privacy issue. Does it pose any privacy risk that wouldn't be there without QUIC?https://en.wikipedia.org/wiki/QUIC#QUIC wrote:Another goal of the QUIC system was to improve performance during network-switch events, like what happens when a user of a mobile device moves from a local WiFi hotspot to a mobile network. When this occurs on TCP, a lengthy process starts where every existing connection times out one-by-one and is then re-established on demand. To solve this problem, QUIC includes a connection identifier which uniquely identifies the connection to the server regardless of source. This allows the connection to be re-established simply by sending a packet, which always contains this ID, as the original connection ID will still be valid even if the user's IP address changes.