
Why TLS 1.3 isn't ready yet - ninegunpi
https://www.feistyduck.com/bulletproof-tls-newsletter/issue_33_why_tls_13_isnt_there_yet
======
mtgx
> However, it seems that changing TLS 1.3 in slight ways that make it look
> more like TLS 1.2 may make it possible to bring the failure rate down to an
> acceptable level. How these changes look is unclear, as it hasn’t been
> discussed in public.

Or they could name and shame the makers of such devices?

More than anything I worry that this could lead to some weakness being
discovered in 1.3 later on because they're making these compromises to cater
to lazy middle-box providers.

~~~
djrogers
> lazy middle-box providers

It's not just the box providers; it's the customers doing in-house testing,
scheduling CRs, and deploying the upgrades to dozens or even hundreds of
devices that are inherently A) complex in their operation and B) prone to
causing outages if they're not perfectly stable.

On the vendor side of things, it can take a while to integrate such a
substantial change into a complex device codebase in a stable way, and roll
those changes into a long-term support version that customers are willing to
deploy.

There's also a significant risk for hardware vendors to build support for
protocols before the spec is finalized - making customers upgrade inline
hardware _twice_ is twice as difficult.

