Microsoft Embracing Native QUIC in Newer Windows OSes and Edge Browser

Microsoft this week described QUIC, an Internet transport layer protocol alternative to the venerable Transmission Control Protocol (TCP), in an announcement.

QUIC 1.0 is "less than 4 months old" but it's already supported in "modern browsers." It's also already supported in "Windows 10 21Hx, Windows 11 and Windows Server 2022," explained James Kehr, a Windows escalation engineer, in the announcement.

Some Linux systems have native QUIC support.

"Apple has native QUIC support starting with Big Sur," Kehr wrote. "Linux and FreeBSD currently need a QUIC driver installed or implemented in the user application, but future versions may have native support."

Older Windows systems are expected to get MsQuic support "in early 2022." MsQuic is Microsoft's version of QUIC.

Devised by Google

QUIC was originally devised by Google, which defined it as "Quick UDP Internet Connections." However, the Internet Engineering Task Force uses QUIC as the name of the protocol, and doesn't consider it to be an acronym. The Internet Engineering Task Force is planning to describe QUIC's HTTP mapping as "HTTP/3," a new standard that is nearing completion.

QUIC uses existing Internet technologies. It's based on the Internet's User Datagram Protocol (UDP) and more, according to Kehr:

"QUIC uses UDP for ports and connectionless transport, then adds the resiliency of TCP, the security of TLS 1.3, sprinkles in a dash of commands and version control from protocols like SMB [Server Message Block], and then mixes in a set of new protocol concepts and efficiencies to create something entirely unique in the protocol world."

Server Message Block over QUIC is one of the new security features in Windows Server 2022, which quietly reached "general availability" last week. Microsoft described how to set up Windows Server 2022 to use HTTP/3 in a separate article.

QUIC Benefits

Data transport is secure with QUIC because it requires Transport Layer Security 1.3 (TLS 1.3) encryption for "all data." Several attack methods are lessened with QUIC, according to Kehr:

"In addition to encryption, QUIC is built to prevent or lessen the impact of things like Denial of Service (DoS), replay, reflection, spoofing, and other types of attacks. QUIC can't eliminate all attacks, but it does try to make it harder to successfully attack."

QUIC involves less handshaking than TCP/IP when making connections, and fewer packets are exchanged, which speeds access. QUIC also enables switching from wired connections to wireless ones, without having to reconnect the client.

QUIC has a versioning capability, which will make it easier to make changes over time. It's also possible to customize QUIC by writing "extension frames," which can be public or private.

Kehr noted some possible QUIC setbacks. Older operating systems will likely lack QUIC support. Developers will have "a learning curve when developing for QUIC." Moreover, ISPs likely will prefer TCP traffic over UDP traffic, which could lead to "performance issues during peak hours" for QUIC users.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

