undefined | Better HN

0 pointsklabb34y ago0 comments

I think the common definition of e2e encryption covers user-to-user communication, so I'm confused how a transport protocol can offer e2e encryption at all (it would only do so if Quic is used over p2p between users, but that's a property of the application).

But even if the definition were different, http+tls would also be e2e encrypted (if used in conjunction which it pretty much always is).

I appreciate Quic but from a security perspective I don't see how it's different to what we've had for at least a decade.

0 comments

vlovich1234y ago

The difference is that the protocol itself is also encrypted (not just the application layer). In other words middleware can’t ossify the QUIC protocol and you’re not reliant on middleware to do anything other than route UDP (which lets you do whatever you want to the protocol itself).

jupp0r4y ago

QUIC had 0-roundtrip handshakes and brought it to TLS 1.3.

j / k navigate · click thread line to collapse