1.3.6.1.4.1.61513@da_667@infosec.exchange yeah... I feel like suggesting http2 is a safer alternative is probably misguided and bias'd. It'll just have different problems.
da_667looks at shit like ysoserial and ysoserial.netI know, let's make the web opaque and require serialization/deserialization for every-goddamn-thing.
1.3.6.1.4.1.61513@da_667@infosec.exchange I'm not even trying to attack web shit but I've spent probably a week's worth of time this year diving into http/2 and grpc / browser source code due various bugs. Serialization will continue. Serialization bugs with multiplexing issues are only going to be discovered
(Also quic is slower on fast connections due to reassembly required meaning the entire fucking premise doesn't hold true)