RFC 9114 Quiz

**Explanation:** **Terms:** HTTP/3, QUIC. HTTP/3 is the mapping of HTTP semantics onto QUIC streams. **Correct (A):** RFC 9114 defines HTTP/3 as running on QUIC. **Options:** - A (correct): QUIC provides streams, encryption integration, and connection migration. - B (incorrect): TCP is used by HTTP/1.1 and usually HTTP/2, not HTTP/3. - C (incorrect): SCTP is not the basis of HTTP/3. **Related:** QUIC itself commonly uses UDP as its substrate.

**Explanation:** **Terms:** head-of-line blocking, TCP, QUIC streams. TCP loss recovery can stall delivery for all multiplexed streams. QUIC avoids this by handling loss and streams differently. **Correct (C):** HTTP/3 aims to avoid the cross-stream stall that occurs when HTTP/2 multiplexes over one TCP byte stream. **Options:** - A (incorrect): DNS is separate from HTTP version. - B (incorrect): HTTP/3 still uses TLS 1.3 semantics integrated with QUIC. - C (correct): This is a primary motivation for moving to QUIC. **Related:** Application-level head-of-line can still happen due to server-side scheduling, but transport behavior is improved.

**Explanation:** **Terms:** header compression, QPACK, QUIC. HTTP uses many header fields, so compression reduces overhead, but it must not reintroduce head-of-line blocking. **Correct (B):** QPACK is the header compression mechanism used with HTTP/3. **Options:** - A (incorrect): Authentication is not the role of header compression. - B (correct): It compresses headers while working with QUIC stream delivery characteristics. - C (incorrect): Congestion control is a transport function, primarily in QUIC. **Related:** HTTP/2 uses HPACK. HTTP/3 uses QPACK to avoid coupling header decoding to ordered delivery.

**Explanation:** **Terms:** connection migration, path, connection ID. QUIC identifies connections independently of the 5-tuple (IP and port), enabling mobility. **Correct (A):** Connection migration is the ability to continue a connection across a path change. **Options:** - A (correct): This is a key QUIC feature. - B (incorrect): TLS 1.3 removed renegotiation and QUIC integrates TLS differently. - C (incorrect): Pipelining is an HTTP/1.1 concept. **Related:** Migration helps mobile clients switching networks without restarting all requests.

**Explanation:** **Terms:** 0-RTT, early data, replay. Early data can reduce latency but has replay risks depending on application context. **Correct (A,C):** Replay is the main security tradeoff. Applications should restrict early data to operations that are safe under replay. **Options:** - A (correct): An attacker may replay early data, so servers must account for it. - B (incorrect): Non-idempotent requests like money transfer are not safe under replay. - C (correct): Use early data for idempotent or otherwise replay-safe operations. - D (incorrect): HTTP semantics do not change. The transport security property changes the risk profile. **Related:** HTTP/3 inherits this consideration from TLS 1.3 early data used in QUIC.

**Explanation:** **Terms:** QUIC. HTTP/3 uses QUIC streams rather than TCP. **Correct:** QUIC. **Why others are wrong:** TCP is used for HTTP/2 in common deployments, but HTTP/3 specifically targets QUIC. **Related:** QUIC integrates security and transport features, which is why HTTP/3 differs operationally under loss.