> On 22 Sep 2016, at 8:11 AM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
>
> Martin Thomson <martin.thom...@gmail.com> writes:
>
>> The advantage with deploying a new protocol is that you can be strict. If,
>> for example, all of the browsers implement TLS 1.3 and are strict, then
>> Amazon won't be able to deploy a buggy 1.3 implementation without noticing
>> pretty quickly. You might suggest that that's aspiration to the point of
>> delusion, but in fact it worked out pretty well with HTTP/2 deployment. We
>> didn't squash ALL of the nasty bugs, but we got most of them.
>
> It also means you're going to be in for a rude shock when you encounter the
> ocean of embedded/SCADA/IoT devices with non-mainstream TLS implementations.
> The reason why HTTP/2 "works" is that it essentially forked HTTP, HTTP/2 for
> Google, Amazon, etc, and the browser vendors, and HTTP 1.1 for everything
> else that uses HTTP as its universal substrate. As a result there will be
> two versions of HTTP in perpetuity, HTTP 1.1 and
> HTTP-whatever-the-current-version-is.

Perhaps. But if at some point all websites use HTTP-whatever-the-current-version-is then maybe browsers can remove support for HTTP/1.1 and then your embedded/SCADA/IoT devices won’t give us that rude shock.

I honestly don’t think that having two protocols for these two radically different use cases is a bad outcome.

Yoav

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls