| layout | title |
|---|---|
front |
QUIC Working Group |
The 'core' specifications comprising QUIC are:
- RFC 8999 - Version-Independent Properties of QUIC
- RFC 9000 - QUIC: A UDP-Based Multiplexed and Secure Transport
- RFC 9001 - Using TLS to Secure QUIC
- RFC 9002 - QUIC Loss Detection and Congestion Control
QUIC can be extended in several ways. The following have been formally standardized as RFCs:
- RFC 9221 - An Unreliable Datagram Extension to QUIC
- RFC 9287 - Greasing the QUIC Bit
- RFC 9368 - Compatible Version Negotiation for QUIC
- RFC 9369 - QUIC Version 2
Specifications providing considerations for application protocol developers using QUIC, and deployment / network operators managing/carrying QUIC:
- RFC 9308 - Applicability of the QUIC Transport Protocol
- RFC 9312 - Manageability of the QUIC Transport Protocol
We originated the HTTP/3 and QPACK RFCs. Ownership of these drafts has now transferred back to the HTTP WG.
In-progress documents for continued maintenance and evolution of QUIC, as described further in our charter.
- Load Balancers -
Datatracker
/
GitHub Repo 
- Acknowledgement Frequency -
Datatracker /
GitHub Repo
- qlog
- Multipath -
Datatracker /
GitHub Repo
- Reliable Reset -
Datatracker /
GitHub Repo
There are a range of implementations and tools, with a range of support for features of the core protocol and extensions.
Implementers should join the quicdev Slack to coordinate testing; contact the WG chairs for an invitation. Note that discussions on Slack are considered IETF contributions under "Note Well".
Automated, continuous interop testing is performed for participating QUIC implementations. Implementers are encouraged to join this effort by making compatible Docker images of their implementations available.
- Virtual Interim on QUIC multiplexing (TBD)
- IETF 123 Madrid (TBD)
If you believe you've discovered a vulnerability in the QUIC protocol (or related IETF protocols) please see the IETF's guidance on how to report these.
If you believe you've discovered an implementation vulnerability in a product, open source project, or service using QUIC, then you should report these directly to the responsible party. The IETF does not have a formal means to reach these parties and cannot do so on your behalf. Implementers or operators often provide their own publicly-available disclosure documents that provide contact details and guidelines for reporters. The implementations and tools page may include a link to such documents under the "Vulnerability reporting" field. If you believe the same vulnerability affects multiple different implementations or deployments, then a coordinated responsible disclosure may be the best path forward; please reach out to WG chairs for further information.
- Working Group materials -- agendas, minutes, etc.