I guess this is a security-related question.
I read up on QUIChttps://en.m.wikipedia.org/wiki/QUIC. It says of error correction:
QUIC can be implemented in the application-space, as opposed to being in the operating system kernel. This generally invokes additional overhead due to context switches as data is moved between applications. However, in the case of QUIC, the protocol stack is intended to be used by a single application, with each application using QUIC having its own connections hosted on UDP. Ultimately the difference could be very small because much of the overall HTTP/2 stack is already in the applications (or their libraries, more commonly). Placing the remaining parts in those libraries, essentially the error correction, has little effect on the HTTP/2 stack’s size or overall complexity.
So it seems to me, with QUIC, malicious hackers might not need a root-user-level hack any more to subvert the networking stack. They merely need to hack any app running with a non-administrator user’s account privileges, and attack the QUIC networking stack(s) found in userspace.
So I think QUIC, if it implements error correction in user space, not kernel space (as is customary for TCP and UDP), could provide a malicious hacker with some low hanging fruit to go after, if they can exploit any non-administrative user’s account.
Does this sound plausible, that a malicious hacker’s job becomes easier, when the QUIC networking stack is in user-space (say, as part of a web browser, or Syncthing itself), not kernel space?