6
lorentz
13h

HTTP/3 requires TLS. Wouldn't this make it drastically less economical to run a reverse-proxy? Are 4 unnecessary cryptographic operations per request not significant? What about the bandwidth overhead of rounding up the length of responses like `HTTP 200 OK\r\nContent-Length: 2\r\n\r\n{}` which make up a majority of all traffic to the nearest encrypted block?

Comments
  • 4
    I mean, HTTP2 "requires" TLS, but it's a separate layer so H2C is a strong standard with a very obvious definition. QUIC doesn't really work without TLS, so I'm not sure how an unencrypted version would even work, or whether anyone will support it.
  • 4
    Reverse proxy is mostly done with HTTP/1.1 i guess. It's only from client to server. App receives its classic requests. Also, it's probably possible to do with disabling certificates check and us a self signed.
  • 2
    When we are talking about efficiency, I’d start with optimizing \r\n to \n.
  • 3
    @lorentz I believe unencrypted is explicitly out of spec for quic
  • 0
    @BordedDev yeah, and I'm wondering why that would seem like a good idea when it's redundant for some contexts. Reverse proxies benefit from feature parity between the downstream and upstream protocol, which is why H2C is used.
  • 0
    I think it’s clearly designed (only) for infrastructure at scale. Your proxy would be running QUIC and internally it might be calling to any number of different servers over insecure HTTP/2 or maybe 1. It’s a bit dumb though, not every website is horizontally scaled or needs to be. QUIC definitely seems to fuck the middle class web server.
  • 0
    I'll just leave this one here, as I've _just_ read it.

    Source: https://commitstrip.com/en/2018/... .
Add Comment