Yoav,

Let me make a correction to your scenario. Instead of: "You’ll need it for Chrome to work with Google." it's: "You’ll need it for Chrome to work with Google, Facebook, and most of the 10% of Alexa top million sites that are using Cloudflare."
TLS 1.3 (in one draft version or another) is very widely deployed on the server side. Enabling it by default in a major browser would break enough of the Internet that both middlebox vendors and the enterprises/ISPs who use them will take notice. The browser vendors will have to do their own calculus around whether or not the ecosystem benefits of accelerating the deployment of TLS 1.3 compatibility by deploying no-downgrade TLS 1.3 defaults outweigh the business costs associated with the potential harm to their relationships with enterprises.

For example, Chrome has a history of making large bets that break a portion of the internet in order to force ecosystem changes (see SHA-1, SSLv3). However, these have been projects with gradual changes and long lead times. Also, the failure rates introduced by such changes were well below 2% of all connections. Furthermore, these changes typically revolved around server changes (updating certs, changing configurations), not software/firmware updates to devices.

I don't want to speak for browser vendors, but history suggests that Option 3) may not be a viable one for browsers with a significant market share.

Nick

On Sat, Oct 7, 2017 at 1:33 PM Yoav Nir <ynir.i...@gmail.com> wrote:
> On 7 Oct 2017, at 4:01, Salz, Rich <rs...@akamai.com> wrote:
>
> Thanks very much for the update.
>
> There is a third option, name the devices which are known to cause
> problems, and move forward with the draft as-is.
>
>
> +1. I like this third option.
>
> 2. Tell all those vendors "You have 1 month to fix this. Fix it. Oh,
> it's your customers who don't update? Seems you don't have any
> reasonable update system. Call your customers,
>
>
> Vendor: Hello customer. We have an update for you that will make TLS 1.3
> work.
>
> Customer: No way. We’re in the middle of the year-end processing. We’re
> not making any configuration changes until the second week of January.
>
> Vendor: But it’s a simple fix. It will make things work better. You’ll
> need it for Chrome to work with Google.
>
> Customer: What part of “not making any configuration changes” was not
> clear to you!?
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls