quiche VS base-drafts

The title of this post puts emphasis on "written in C", making me wonder when this would ever be a desirable feature, given that more secure implementations are available, and can be integrated into old C projects just as easily.

No need to rewrite everything from the ground up: https://github.com/cloudflare/quiche#curl

The issue is dead silent too!

https://github.com/cloudflare/quiche/issues/1115

Even though Oxy is a proprietary project, we try to give back some love to the open-source community without which the project wouldn’t be possible by open-sourcing some of the building blocks such as https://github.com/cloudflare/boring and https://github.com/cloudflare/quiche.

They’ve been on the Rust train since at least 2019. Just look at projects like quiche, wrangler, and boringtun

It's more like Cloudflare forked nginx a long time ago, and is meanwhile in the very slow (like, decade-long) process of replacing it entirely.

The Cloudflare Workers Runtime, for instance, is built directly around V8; it does not use nginx or any other existing web server stack. Many new features of Cloudflare are in turn built on Workers, and much of the old stack build on nginx is gradually being migrated to Workers. https://workers.dev https://github.com/cloudflare/workerd

In another part of the stack, there is Pingora, another built-from-scratch web server focused on high-performance proxying and caching: https://blog.cloudflare.com/how-we-built-pingora-the-proxy-t...

Even when using nginx, Cloudflare has rewritten or added big chunks of code, such as implementing HTTP/3: https://github.com/cloudflare/quiche And of course there is a ton of business logic written in Lua on top of that nginx base.

Though arguably, Cloudflare's biggest piece of magic is the layer 3 network. It's so magical that people don't even think about it, it just works. Seamlessly balancing traffic across hundreds of locations without even varying IP addresses is, well, not easy.

I could go on... automatic SSL provisioning? DDoS protection? etc. These aren't nginx features.

So while Cloudflare may have gotten started being more-or-less nginx-as-a-service I don't think you can really call it that anymore.

(I'm the tech lead for Cloudflare Workers.)

Ask Cloudflare why they use HTTP/3 and QUIC https://github.com/cloudflare/quiche.

Cloudflare has used rust for multiple projects in the past such as their QUIC/HTTP3 implementation Quiche and a WireGuard implementation BoringTun.

QUIC is a step backwards here; it has no multipath support: https://lwn.net/Articles/964377/

Multipath: There are several areas where TCP still has an advantage over QUIC. One of those is multipath support. Multipath TCP connections can send data on different network paths simultaneously — for example, sending via both WiFi and cellular data — to provide better throughput than either path permits individually.

Server connection migration is explicitly forbidden by QUIC:

https://github.com/quicwg/base-drafts/pull/2031

https://github.com/quicwg/base-drafts/issues/253

TL;DR just like HTTP/2, we wanted to avoid friction in deploying these protocols. Having to rewrite URLs because of new schemes is pretty unpalatable, it has major impact. Instead, HTTP/3 can rely on other IETF-defined mechanisms like Alt-Svc (RFC 7838) and the more recent SVCB / HTTPS RR [1] DNS-based methods. The latter has been deployed on Cloudflare a while [2] and supported in Firefox. Other user agents have also expressed interest or intent to support it.

The net outcome is that developers can by and large focus on HTTP semantics, and let something a little further down the stack worry more about versions. Sometime devs will need to peek into that area, but not the majority.

[1] - https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-...

After lots of hard work, we're excited to open-source [s2n-quic](https://github.com/aws/s2n-quic), a Rust implementation of the [IETF QUIC protocol](https://quicwg.org/). Feel free to ask any questions here in the comments or by [opening an issue](https://github.com/aws/s2n-quic/issues/new/choose). Thanks!

Maybe check out laminar and quinn, which implement custom protocols on top of UDP (quinn implements QUIC), to get an idea on how to do things.

IETF work is conducted mostly on email lists, hence the "many thousands of emails".

For some newer work like QUIC, GitHub is used to maintain a more to-the-minute shared view of the documents, and then again as mentioned in the text you quoted, GitHub Issues and PRs are used to manage the document, particularly by the most active participants.

https://github.com/quicwg/base-drafts - of course raising issues or PRs for them now won't do anything useful for you, because these RFCs were published. But you can see there were thousands of commits, one of the last being Martin Thompson's minor typographical tweaks summarised as "DOES IT NEVER END?!?".