This isn't really about QUIC so much as it is about developer experience. Authentication, confidentiality, integrity, congestion control, reliable+ordered streams etc. are all fundamental features of the protocol, so of course it's a bit beefy. Those LoC have to be written somewhere - whether in the kernel or in userspace makes little difference, semantically. The reason that QUIC is a library is because it's still relatively new. That said, support for creation of QUIC sockets in the Linux kernel is underway (https://lwn.net/Articles/1029851/).

I mean, isn't TCP six figure LoC? It just lives in the kernel, not in a library.

Can't say I disagree much with his take. We've been doing the whole internet thing going on six decades now, and we shouldn't need to think about this stuff nearly as much as we still do. Maybe once it reaches 100 years old we'll know how to do stuff in a sane fashion by default.