Re: [TLS] Deployment ... Re: This working group has failed
Hannes Tschofenig <hannes.tschofenig@gmx.net> Sun, 17 November 2013 10:30 UTC
Hi Taylor,

Would be interesting to hear from someone working for Mozilla (like Ekr, our TLS WG chair) why things are progressing so slowly and what exactly their problem is.

Ciao
Hannes

On 16.11.13 19:09, Taylor Hornby wrote:
> On 11/16/2013 03:14 AM, Hannes Tschofenig wrote:
>> To be positive and constructive in the discussion I wonder what could be
>> done to improve the situation.
>>
>> Do the OpenSSL and the GnuTLS projects (and other projects) need more
>> contributors?
>>
>> Is there more awareness building needed to get companies to understand
>> what the different libraries provide and why they should use a
>> particular version?
>>
>> Where does the delay come from?
>>
>
> Firefox is one of the last browsers to get TLS 1.1 and TLS 1.2 support.
> It's still not enabled by default in the stable release. Looking at
> their development history is probably the best place to start.
>
> TLS 1.1:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=565047
> https://bugzilla.mozilla.org/show_bug.cgi?id=733647
>
> TLS 1.2:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=480514
> https://bugzilla.mozilla.org/show_bug.cgi?id=861266
>
> Most of the delay seems to be in Bug 565047. TLS 1.1 was standardized in
> 2006, but the *ticket* to implement TLS 1.1 was created FOUR YEARS
> later. Then, once it was, it took TWO YEARS to implement.
>
> Non-compliant servers are wasting a ton of time in QA, too:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=733647#c48
> https://bugzilla.mozilla.org/show_bug.cgi?id=839310
>
> Why doesn't TLS's fallback mechanism work?
>
> So, it seems to me that:
>
> 1. The most significant delay is between when the standard is released
> and when vendors realize they have to implement it. Until there's a
> problem with the old version, they're hardly thinking about it.
>
> 2. Once they do realize it's necessary, it takes a long time to implement.