QUIC, dig in: Microsoft open-sources MsQuic, its implementation of Google-spawned TCP-killer QUIC

The sequel to Pac-Man was Ms. Pac-Man. And Microsoft’s QUIC library is called MsQuic


Microsoft has revealed it's a user of QUIC – the TCP successor that's integral to HTTP3 but hasn't quite excited too many folk beyond Google and Cloudflare.

QUIC – an acronym for Quick UDP Internet Connections – is a Google emission from 2013 that aims to help the internet scale and speed up by offering an alternative to TCP's chatty and OS-dependent ways. Google and Cloudflare, who both have an interest in faster and more elegant internetworking, eased QUIC into an IETF standards process and the protocol has become a part of HTTP/3.

While QUIC has made it into Chrome, observers like W3Techs detect just 3 or 4 per cent of websites using the protocol.

Which is why Microsoft putting its hand up as a user, advocate and source of code with which to implement QUIC caught your vulture's eye!

Microsoft said it would be shipping Windows with general purpose QUIC library MsQuic in the kernel "to support various inbox features". The company’s post added:

  • The Windows HTTP/3 stack is being built on top of MsQuic.
  • Microsoft 365 is testing a preview version of IIS using HTTP/3 to reduce tail loss latencies in the last mile. This is currently active in internal dogfood environments.
  • .NET Core has built HTTP/3 support into Kestrel and HttpClient on top of MsQuic. HTTP/3 support is in experimental preview for the 5.0 release of .NET Core.
  • SMB in Windows is also prototyping MsQuic usage. QUIC brings several benefits for SMB, such as better internet reachability, a secured connection based on industry standard TLS and server authentication with certificate validation. Best of all, this brings a completely different workload on top of MsQuic, strengthening the general-purpose nature of the transport.

The post also tells us a little about why Microsoft is playing with QUIC:

“MsQuic brings performance and security improvements to many important networking scenarios. Our online services benefit the most from performance improvements like reduced tail latency and faster connection setup. Our connections will be able to seamlessly switch networks because they can survive IP address/port changes. This equates to better user experience on our edge devices.”

QUIC is still on the IETF’s standards track. Microsoft says MsQuic is “ready for prototyping and testing” and has promised a deeper dive into its implementation of the protocol soon. ®


Other stories you might like

  • Experts: AI should be recognized as inventors in patent law
    Plus: Police release deepfake of murdered teen in cold case, and more

    In-brief Governments around the world should pass intellectual property laws that grant rights to AI systems, two academics at the University of New South Wales in Australia argued.

    Alexandra George, and Toby Walsh, professors of law and AI, respectively, believe failing to recognize machines as inventors could have long-lasting impacts on economies and societies. 

    "If courts and governments decide that AI-made inventions cannot be patented, the implications could be huge," they wrote in a comment article published in Nature. "Funders and businesses would be less incentivized to pursue useful research using AI inventors when a return on their investment could be limited. Society could miss out on the development of worthwhile and life-saving inventions."

    Continue reading
  • Declassified and released: More secret files on US govt's emergency doomsday powers
    Nuke incoming? Quick break out the plans for rationing, censorship, property seizures, and more

    More papers describing the orders and messages the US President can issue in the event of apocalyptic crises, such as a devastating nuclear attack, have been declassified and released for all to see.

    These government files are part of a larger collection of records that discuss the nature, reach, and use of secret Presidential Emergency Action Documents: these are executive orders, announcements, and statements to Congress that are all ready to sign and send out as soon as a doomsday scenario occurs. PEADs are supposed to give America's commander-in-chief immediate extraordinary powers to overcome extraordinary events.

    PEADs have never been declassified or revealed before. They remain hush-hush, and their exact details are not publicly known.

    Continue reading
  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading

Biting the hand that feeds IT © 1998–2022