Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

I want the next generation web here SPDY QUIC

1,154 views

Published on

Matt Summers, NCC Group - Web technology has changed a lot in the last 25 years but the underlying transport mechanism has stayed the same. The web we have today was not designed for the plethora of new device types and communication methods but things are changing and you probably don’t even know it. You probably don’t even notice the problem because it is so ingrained. In this presentation we are going to delve into the problems with the web and how we use it today. We will also take an in depth look at the proposed solutions for the next generation web and the implications that come with it.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

I want the next generation web here SPDY QUIC

  1. 1. I want the next generation web here SPDY QUIC A review of the SPDY and QUIC protocols
  2. 2. Agenda •History •What’s up with HTTP? •SPDY •QUIC •Security •The Future
  3. 3. About Me
  4. 4. About Me
  5. 5. About Me
  6. 6. Before we start ASK
  7. 7. What is SPDY? •What? •Why?
  8. 8. What is QUIC? •What? •Why?
  9. 9. History •HTTP 0.9 - First documented in 1991 •HTTP 1.0 - First documented in 1996 •HTTP 1.1 – Released in 1997 •HTTP 1.1 – Updated in 1999
  10. 10. What’s up with HTTP? •Connections •Latency •Headers
  11. 11. What’s up with HTTP? Home.aspx Logo.jpg Time
  12. 12. What’s up with HTTP? Home.aspx Logo.jpg Time
  13. 13. What’s up with HTTP? "A single-user client SHOULD NOT maintain more than 2 connections with any server or proxy"
  14. 14. What’s up with HTTP? Source: Akamai State of the Internet Report
  15. 15. What’s up with HTTP 1.1? Resources Time
  16. 16. History •183 Resources •44 Domains •25 HTML Pages •2MB of text content
  17. 17. What’s up with HTTP?
  18. 18. What’s up with HTTP? GET /news/ HTTP/1.1 Host: www.bbc.co.uk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://www.bbc.co.uk/news/england/ Cookie: NTABS=B0; BBC- UID=2583816c740b5213b567deae81f1f11c5e89720eae48c3293395badd482afad00Mozilla%2f5%2e0%20%28Windows%20N T%206%2e1%3b%20WOW64%3b%20rv%3a27%2e0%29%20Gecko%2f20100101%20Firefox%2f27%2e0; BGUID=e513614cf47b72b7916877ff1183a8509e60292969e8942b1e4157e7578c4078; s1=531C4B275C0603BA; ecos.dt=1400334549086; ckns_policy=111; ckpf_mandolin=%22footer- promo%22%3A%7B%22segment%22%3Anull%2C%22end%22%3A%221400939293613%22%7D; _chartbeat2=0nohd0na7hc3kcd7.1400334522757.1400334540677.1; _chartbeat_uuniq=1; BBCLiveStatsClick=nav|1|0 DNT: 1 Connection: keep-alive
  19. 19. What’s up with HTTP? GET /news/ HTTP/1.1 Host: www.bbc.co.uk
  20. 20. SPDY Source: The Chromium Projects
  21. 21. SPDY •Multiplexing •Prioritisation •Header Compression •Server Push & Server Hint
  22. 22. SPDY •Multiplexing •Prioritisation •Header Compression •Server Push & Server Hint
  23. 23. SPDY? Home.aspx Logo.jpg Image.bmp Logo.jpg Image.bmp Home.aspx
  24. 24. SPDY •Multiplexing •Prioritisation •Header Compression •Server Push & Server Hint
  25. 25. SPDY •Multiplexing •Prioritisation •Header Compression •Server Push & Server Hint
  26. 26. What’s up with HTTP? GET /news/ HTTP/1.1 Host: www.bbc.co.uk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://www.bbc.co.uk/news/england/ Cookie: NTABS=B0; BBC- UID=2583816c740b5213b567deae81f1f11c5e89720eae48c3293395badd482afad00Mozilla%2f5%2e0%20%28Windows%20N T%206%2e1%3b%20WOW64%3b%20rv%3a27%2e0%29%20Gecko%2f20100101%20Firefox%2f27%2e0; BGUID=e513614cf47b72b7916877ff1183a8509e60292969e8942b1e4157e7578c4078; s1=531C4B275C0603BA; ecos.dt=1400334549086; ckns_policy=111; ckpf_mandolin=%22footer- promo%22%3A%7B%22segment%22%3Anull%2C%22end%22%3A%221400939293613%22%7D; _chartbeat2=0nohd0na7hc3kcd7.1400334522757.1400334540677.1; _chartbeat_uuniq=1; BBCLiveStatsClick=nav|1|0 DNT: 1 Connection: keep-alive
  27. 27. SPDY •Multiplexing •Prioritisation •Header Compression •Server Push & Server Hint
  28. 28. SPDY
  29. 29. SPDY
  30. 30. SPDY
  31. 31. SPDY
  32. 32. SPDY
  33. 33. SPDY? TLS Request + Next Protocol TLS Response SPDY Request SPDY Response
  34. 34. SPDY •NPN Support Added 1.0.1 •ALPN Support Added 1.0.2
  35. 35. QUIC •Remove head-of-line-blocking •0RTT •Recover lost packets •Congestion control •Network change survival
  36. 36. QUIC
  37. 37. QUIC
  38. 38. QUIC
  39. 39. QUIC “The middle box problem”
  40. 40. QUIC Connect Certificate Negotiation Response
  41. 41. Security
  42. 42. SPDY Security •Header injection
  43. 43. SPDY Security “complexity is the worst enemy of security” "The only way to evaluate the security of a system is to analyze it“ Source: Bruce Schneier
  44. 44. SPDY Security
  45. 45. Security •Certificate Revocation •Malicious servers •Content inspection •Other new attack vectors
  46. 46. Security
  47. 47. QUIC Security •Privacy •Authentication •Integrity
  48. 48. QUIC Security •Replay Protection •Dos Protection •Address Spoofing Detection
  49. 49. QUIC Security
  50. 50. QUIC Security •Cross-connection attacks? •Embryonic attacks? •Memory exhaustion? •DDoS
  51. 51. The Future •Web Clients •Web Servers •Internet Infrastructure •Network Infrastructure •SSL Stacks
  52. 52. The Future
  53. 53. The Future •Libspdy - C •Net-http-spdy – Ruby •Spdylay – Python •http2-katana – C# •Jetty – Java •Erlnag-spdy - Erlang
  54. 54. The Future
  55. 55. Fin Questions? Matt.summers@nccgroup.com @dive_monkey
  56. 56. Europe Manchester - Head Office Cheltenham Edinburgh Leatherhead London Munich Amsterdam Zurich North America Atlanta Chicago New York San Francisco Seattle Austin Australia Sydney

×