> On 22 Sep 2016, at 8:11 AM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> Martin Thomson <martin.thom...@gmail.com> writes:
>> The advantage with deploying a new protocol is that you can be strict. If, 
>> for example, all of the browsers implement TLS 1.3 and are strict, then 
>> Amazon won't be able to deploy a buggy 1.3 implementation without noticing 
>> pretty quickly.  You might suggest that that's aspiration to the point of 
>> delusion, but in fact it worked out pretty well with HTTP/2 deployment.  We 
>> didn't squash ALL of the nasty bugs, but we got most of them.
> It also means you're going to be in for a rude shock when you encounter the
> ocean of embedded/SCADA/IoT devices with non-mainstream TLS implementations.
> The reason why HTTP/2 "works" is that it essentially forked HTTP, HTTP/2 for
> Google, Amazon, etc, and the browser vendors, and HTTP 1.1 for everything 
> else that uses HTTP as its universal substrate.  As a result there will be 
> two versions of HTTP in perpetuity, HTTP 1.1 and
> HTTP-whatever-the-current-version-is.

Perhaps. But if at some point all websites use 
HTTP-whatever-the-current-version-is then maybe browsers can remove support for 
HTTP/1.1 and then your embedded/SCADA/IoT devices won’t give us that rude shock.

I honestly don’t think that having two protocols for these two radically 
different use cases is a bad outcome.


TLS mailing list
