I want the next generation web here SPDY QUIC
Matt Summers, NCC Group - Web technology has changed a lot in the last 25 years but the underlying transport mechanism has stayed the same. The web we have today was not designed for the plethora of new device types and communication methods but things are changing and you probably don’t even know it. You probably don’t even notice the problem because it is so ingrained. In this presentation we are going to delve into the problems with the web and how we use it today. We will also take an in depth look at the proposed solutions for the next generation web and the implications that come with it.

Published in: Technology
  • We also need more research.
  • I want the next generation web here SPDY QUIC

    1. 1. I want the next generation web here SPDY QUIC A review of the SPDY and QUIC protocols
    2. 2. Agenda •History •What’s up with HTTP? •SPDY •QUIC •Security •The Future
    3. 3. About Me
    4. 4. About Me
    5. 5. About Me
    6. 6. Before we start ASK
    7. 7. What is SPDY? •What? •Why?
    8. 8. What is QUIC? •What? •Why?
    9. 9. History •HTTP 0.9 - First documented in 1991 •HTTP 1.0 - First documented in 1996 •HTTP 1.1 – Released in 1997 •HTTP 1.1 – Updated in 1999
    10. 10. What’s up with HTTP? •Connections •Latency •Headers
    11. 11. What’s up with HTTP? Home.aspx Logo.jpg Time
    12. 12. What’s up with HTTP? Home.aspx Logo.jpg Time
    13. 13. What’s up with HTTP? "A single-user client SHOULD NOT maintain more than 2 connections with any server or proxy"
    14. 14. What’s up with HTTP? Source: Akamai State of the Internet Report
    15. 15. What’s up with HTTP 1.1? Resources Time
    16. 16. History •183 Resources •44 Domains •25 HTML Pages •2MB of text content
    17. 17. What’s up with HTTP?
    18. 18. What’s up with HTTP? GET /news/ HTTP/1.1 Host: www.bbc.co.uk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://www.bbc.co.uk/news/england/ Cookie: NTABS=B0; BBC- UID=2583816c740b5213b567deae81f1f11c5e89720eae48c3293395badd482afad00Mozilla%2f5%2e0%20%28Windows%20N T%206%2e1%3b%20WOW64%3b%20rv%3a27%2e0%29%20Gecko%2f20100101%20Firefox%2f27%2e0; BGUID=e513614cf47b72b7916877ff1183a8509e60292969e8942b1e4157e7578c4078; s1=531C4B275C0603BA; ecos.dt=1400334549086; ckns_policy=111; ckpf_mandolin=%22footer- promo%22%3A%7B%22segment%22%3Anull%2C%22end%22%3A%221400939293613%22%7D; _chartbeat2=0nohd0na7hc3kcd7.1400334522757.1400334540677.1; _chartbeat_uuniq=1; BBCLiveStatsClick=nav|1|0 DNT: 1 Connection: keep-alive
    19. 19. What’s up with HTTP? GET /news/ HTTP/1.1 Host: www.bbc.co.uk
    20. 20. SPDY Source: The Chromium Projects
    21. 21. SPDY •Multiplexing •Prioritisation •Header Compression •Server Push & Server Hint
    22. 22. SPDY •Multiplexing •Prioritisation •Header Compression •Server Push & Server Hint
    23. 23. SPDY? Home.aspx Logo.jpg Image.bmp Logo.jpg Image.bmp Home.aspx
    24. 24. SPDY •Multiplexing •Prioritisation •Header Compression •Server Push & Server Hint
    25. 25. SPDY •Multiplexing •Prioritisation •Header Compression •Server Push & Server Hint
    26. 26. What’s up with HTTP? GET /news/ HTTP/1.1 Host: www.bbc.co.uk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://www.bbc.co.uk/news/england/ Cookie: NTABS=B0; BBC- UID=2583816c740b5213b567deae81f1f11c5e89720eae48c3293395badd482afad00Mozilla%2f5%2e0%20%28Windows%20N T%206%2e1%3b%20WOW64%3b%20rv%3a27%2e0%29%20Gecko%2f20100101%20Firefox%2f27%2e0; BGUID=e513614cf47b72b7916877ff1183a8509e60292969e8942b1e4157e7578c4078; s1=531C4B275C0603BA; ecos.dt=1400334549086; ckns_policy=111; ckpf_mandolin=%22footer- promo%22%3A%7B%22segment%22%3Anull%2C%22end%22%3A%221400939293613%22%7D; _chartbeat2=0nohd0na7hc3kcd7.1400334522757.1400334540677.1; _chartbeat_uuniq=1; BBCLiveStatsClick=nav|1|0 DNT: 1 Connection: keep-alive
    27. 27. SPDY •Multiplexing •Prioritisation •Header Compression •Server Push & Server Hint
    28. 28. SPDY
    29. 29. SPDY
    30. 30. SPDY
    31. 31. SPDY
    32. 32. SPDY
    33. 33. SPDY? TLS Request + Next Protocol TLS Response SPDY Request SPDY Response
    34. 34. SPDY •NPN Support Added 1.0.1 •ALPN Support Added 1.0.2
    35. 35. QUIC •Remove head-of-line-blocking •0RTT •Recover lost packets •Congestion control •Network change survival
    36. 36. QUIC
    37. 37. QUIC
    38. 38. QUIC
    39. 39. QUIC “The middle box problem”
    40. 40. QUIC Connect Certificate Negotiation Response
    41. 41. Security
    42. 42. SPDY Security •Header injection
    43. 43. SPDY Security "complexity is the worst enemy of security" "The only way to evaluate the security of a system is to analyze it" Source: Bruce Schneier
    44. 44. SPDY Security
    45. 45. Security •Certificate Revocation •Malicious servers •Content inspection •Other new attack vectors
    46. 46. Security
    47. 47. QUIC Security •Privacy •Authentication •Integrity
    48. 48. QUIC Security •Replay Protection •DoS Protection •Address Spoofing Detection
    49. 49. QUIC Security
    50. 50. QUIC Security •Cross-connection attacks? •Embryonic attacks? •Memory exhaustion? •DDoS
    51. 51. The Future •Web Clients •Web Servers •Internet Infrastructure •Network Infrastructure •SSL Stacks
    52. 52. The Future
    53. 53. The Future •Libspdy - C •Net-http-spdy – Ruby •Spdylay – Python •http2-katana – C# •Jetty – Java •Erlang-spdy - Erlang
    54. 54. The Future
    55. 55. Fin Questions? Matt.summers@nccgroup.com @dive_monkey
    56. 56. Europe Manchester - Head Office Cheltenham Edinburgh Leatherhead London Munich Amsterdam Zurich North America Atlanta Chicago New York San Francisco Seattle Austin Australia Sydney