What about the chromium based browsers?
They may have merged it.
Nice (from Chrome)
fl=21f592 h=http://www.lfgss.com ip=213.205.xxx.xxx ts=1618935526.419 visit_scheme=https uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36 colo=LHR http=http/3 loc=GB tls=TLSv1.3 sni=plaintext warp=off gateway=off
Sadly QUIC is blocked at work because InfoSec can't decrypt it and pass it through their expensive threat analysis appliance.
They're going to hate the future 😁
But thankfully http3 falls back to http2
Eventually the appliance vendors will catch up and add QUIC proxy/MITM support. Probably.
The protocol explicitly includes features to prevent state level MITM. So appliances in the workplace are fucked.
Together with other measures in TLS and DNS there's nothing that those legacy appliances can do.
Work authorised browsers would the only way to MITM, perhaps with browser certifying itself to force you to use it... But now it isn't a transparent MITM as the browser is just an authorised client.
The MITM we already do isn't transparent as we resign everything with our own CA. It's not very different to a proxy in many ways and there are things that claim to proxy QUIC about already.
Firefox just pushed this in Firefox 88 and you do have to go into
about:configsearch for the
http3options and enable it... but it's there.
So I've turned on HTTP3 for LFGSS.
What does this mean for you?
Erm... it's faster?
HTTP3 is basically UDP rather than TCP and the history goes like this:
Something like that (read the RFCs if you care enough).
What does it mean for the site?
If you frequently go into threads with lots of attachments... those threads will be noticeably faster.
What are the risks?
Erm... it's hard to stop a layer 3 DDoS attack based on UDP packets due to how HTTP3 is also encrypted for everything and the encryption means DDoS providers struggle to differentiate between good and bad traffic. Not so bad for this site as the connection identifier encoded in the packets are known, but bad for transit providers where everything is meaningless. But I don't care about that :D
tl:dr If you use latest Chrome or Firefox (with HTTP3 enabled) then big threads with lots of images will load faster.