Re: [TLS] Deployment ... Re: This working group has failed
Taylor Hornby <havoc@defuse.ca> Sat, 16 November 2013 18:10 UTC

On 11/16/2013 03:14 AM, Hannes Tschofenig wrote:
> To be positive and constructive in the discussion I wonder what could be
> done to improve the situation.
>
> Does the OpenSSL and the GnuTLS projects (and other projects) need more
> contributors?
>
> Is there more awareness building needed to get companies to understand
> what the different libraries provide and why they should use a
> particular version?
>
> Where does the delay come from?
>

Firefox is one of the last browsers to get TLS 1.1 and TLS 1.2 support.
It's still not enabled by default in the stable release. Looking at
their development history is probably the best place to start.

TLS 1.1:
https://bugzilla.mozilla.org/show_bug.cgi?id=565047
https://bugzilla.mozilla.org/show_bug.cgi?id=733647

TLS 1.2:
https://bugzilla.mozilla.org/show_bug.cgi?id=480514
https://bugzilla.mozilla.org/show_bug.cgi?id=861266

Most of the delay seems to be in Bug 565047. TLS 1.1 was standardized in
2006, but the *ticket* to implement TLS 1.1 was created FOUR YEARS
later. Then, once it was, it took TWO YEARS to implement.

Non-compliant servers are wasting a ton of time in QA, too:
https://bugzilla.mozilla.org/show_bug.cgi?id=733647#c48
https://bugzilla.mozilla.org/show_bug.cgi?id=839310

Why doesn't TLS's fallback mechanism work?

So, it seems to me that:

1. The most significant delay is between when the standard is released
   and when vendors realize they have to implement it. Until there's a
   problem with the old version, they're hardly thinking about it.

2. Once they do realize it's necessary, it takes a long time to
   implement.

--
Taylor Hornby