Martin Thomson <martin.thom...@gmail.com> writes:
>The advantage with deploying a new protocol is that you can be strict. If,
>for example, all of the browsers implement TLS 1.3 and are strict, then
>Amazon won't be able to deploy a buggy 1.3 implementation without noticing
>pretty quickly. You might suggest that that's aspiration to the point of
>delusion, but in fact it worked out pretty well with HTTP/2 deployment. We
>didn't squash ALL of the nasty bugs, but we got most of them.

It also means you're going to be in for a rude shock when you encounter the
ocean of embedded/SCADA/IoT devices with non-mainstream TLS implementations.
The reason why HTTP/2 "works" is that it essentially forked HTTP, HTTP/2 for
Google, Amazon, etc, and the browser vendors, and HTTP 1.1 for everything
else that uses HTTP as its universal substrate. As a result there will be
two versions of HTTP in perpetuity, HTTP 1.1 and HTTP-whatever-the-current-
(Should I mention TLS-LTS here? :-).
TLS mailing list