为什么 QUIC 协议使用在 TCP 上运行的 TLS 数据包时却被说是基于 UDP 构建的?
我正在研究QUIC协议,我的教授问我这个问题。据说Quic是在UDP上构建的,并使用TLS数据包。 TLS本身需要可靠的连接,即TCP。那么,为什么不说Quic是在TCP上建造的呢? PS:如果我的概念是错误的,请纠正我,如果可能的话,请在深入的Quic数据包中解释。
I was researching on QUIC protocol and my professor asked me this question. QUIC is said to be built on UDP and uses TLS packets. TLS itself requires reliable connection that is TCP. So, why QUIC is not said to be built on TCP?
PS: Please correct me if my concepts are wrong and if possible, please explain in deep how QUIC packets work.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
quic( rfc 9000 )不使用tls“ packets”。
从技术上讲,TLS使用术语“ record” 表示一个字节块这定义了协议的构造方式。记录指定了TLS协议版本,记录的长度等。
在TLS框架内部有一个或多个TLS 消息指定加密信息或命令。
TLS记录由TCP运输。
Quic所做的是重复使用某些TLS 消息,但没有TLS记录层。
例如,在TCP中,客户端发送的第一个字节通常是包装
clienthello消息的TLS记录。相反,在Quic中,第一个字节是Quic
初始数据包,它包含crypto框架,它包含client> clienthello消息,所有这些字节必须适合UDP数据报(它们通常是这样做的,并且初始数据包甚至带有padding框架以使初始字节至少至少1200)。请参阅 rfc 9001 有关TLS在Quic中使用的更多详细信息。
更广泛地涉及QUIC,它基于UDP,但借用了许多TCP功能(重传,流量控制等),基本上使其成为TCP的替代方案,因为它是可靠的网络协议,具有附加的安全性(加密)功能内置,由TLS借。
TCP是清晰的文本,依赖于顶部分层的TLs提供加密。
QUIC是TCP功能和TLS功能(没有透明文本Quic)的混合物,而无需分层。
当您说“为什么不说Quic是在TCP上建造的?”时,我说“ Quic不是在TCP上构建的,它是在UDP上构建的。但是,Quic borrows TCP功能使QUIC提供类似的功能,尤其是TCP,特别是可靠性和流量控制,UDP未提供”。
例如,在 jetty 我们已经实现了http/1.1和http/2(基于TCP的协议)在Quic之上,使用单个,持久的,Quic流。
这表明QUIC确实可以替代TCP,因为它可以携带为TCP设计的协议。
QUIC (RFC 9000) does not use TLS "packets".
Technically, TLS uses the term "record" to indicate a block of bytes that defines how the protocol is framed. A record specifies the TLS protocol version, the length of the record, etc.
Inside TLS frames there are one or more TLS messages that specify cryptographic information or commands.
The TLS records are transported by TCP.
What QUIC does instead is to reuse some of the TLS messages, but nothing of the TLS record layer.
For example, in TCP the first bytes sent by a client are typically a TLS record that wraps the
ClientHellomessage.In QUIC, instead, the first bytes are a QUIC
Initialpacket, that wraps aCRYPTOframe, that wraps theClientHellomessage, and all of these bytes must fit into a UDP datagram (they typically do, and theInitialpacket even carries aPADDINGframe to make the initial bytes at least 1200).Refer to RFC 9001 for more details about how TLS is used in QUIC.
More broadly about QUIC, it is based on UDP but borrows many TCP features (retransmissions, flow control, etc.) that basically make it an alternative to TCP in the sense that it is a reliable network protocol, with additional security (encryption) features built-in, borrowed by TLS.
TCP is clear-text and relies on TLS layered on top to provide encryption.
QUIC is a mix of TCP features and TLS features (there is no clear-text QUIC), without layering.
When you say "Why QUIC is not said to be built on TCP?", I say "QUIC is not built on TCP, it is built on UDP. However, QUIC borrows TCP features that make QUIC provide similar functionalities as TCP, in particular reliability and flow control, that are not provided by UDP".
For example, in Jetty we have implemented HTTP/1.1 and HTTP/2 (that are TCP-based protocols) on top of QUIC, using a single, persistent, QUIC stream.
This shows that QUIC can be indeed a replacement for TCP, as it can carry protocols that were designed for TCP.
RFC都是由委员会撰写的,结构和语言常常令人困惑,因此很容易混合使用。
完整的TLS实施需要可靠的运输,截至今天,TCP和SCTP()。
quic( rfc9001 )实际上并不需要完整的TLS实施,但是重新使用TLSV1.3标准的部分:
因此,给定上述Quic对数据包数据进行加密的实际过程根本不是TLS,而是由Quic提供的。
The RFCs are all written by committee, and the structure and language is often confusing, so it is easy to mix things up.
A full TLS implementation requires a reliable transport, which as of today is provided by TCP and SCTP (RFC3436).
QUIC (RFC9001) doesn't actually require a full TLS implementation though, and instead simply re-uses parts of the TLSv1.3 standard:
So, given the above, the actual process that QUIC takes to encrypting the packet data isn't TLS at all, but is instead provided by QUIC.
Quic在其中包含TLS,以与TCP的工作方式相同,以便在UDP上使用它。
为什么要打扰重新发明TCP,而不仅仅是使用TCP?嗯,TCP有点“卡住”,因为它开始从根本上改变TCP的工作方式的新变化很慢。增强它以允许新功能(例如多路复流流)将需要花费大量时间才能在任何地方播放TCP。
Quic是建立在简单的UDP数据包上的,并且其他所有内容都通过Quic处理,中间的所有路由器和网络都不需要了解这些新的Quic功能。
QUIC includes TLS in it to allow it to be used over UDP in the same way as TCP works.
Why bother reinventing TCP and not just use TCP? Well TCP is kind of “stuck” as it’s slow to roll out new changes that fundamentally change how TCP works. Enhancing it to allow new features like multiplex streams will take a loooong time to roll out everywhere TCP is supported.
QUIC is built over simple UDP packets and everything else is handled at either end by QUIC and all the routers and networks in the middle don’t need to know about these new QUIC features.