Re: [TLS] Deployment ... Re: This working group has failed

Hannes Tschofenig <hannes.tschofenig@gmx.net> Sun, 17 November 2013 10:30 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3865B11E8A84 for <tls@ietfa.amsl.com>; Sun, 17 Nov 2013 02:30:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S8PQ0x4sXJbY for <tls@ietfa.amsl.com>; Sun, 17 Nov 2013 02:30:42 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) by ietfa.amsl.com (Postfix) with ESMTP id B1CB011E810A for <tls@ietf.org>; Sun, 17 Nov 2013 02:30:41 -0800 (PST)
Received: from masham-mac.home ([81.164.176.169]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0Lh7M3-1VNnlf1yv1-00oW2B for <tls@ietf.org>; Sun, 17 Nov 2013 11:30:40 +0100
Message-ID: <52889ACF.3050302@gmx.net>
Date: Sun, 17 Nov 2013 11:30:39 +0100
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130216 Thunderbird/17.0.3
MIME-Version: 1.0
To: Taylor Hornby <havoc@defuse.ca>
References: <CACsn0c=i2NX2CZ=Md2X+WM=RM8jAysaenz6oCxmoPt+LC5wvjA@mail.gmail.com> <52874576.9000708@gmx.net> <5287B4F6.1060102@defuse.ca>
In-Reply-To: <5287B4F6.1060102@defuse.ca>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:XWlU0kdrbi+iz/3ebK+b18kWh9d0UwvVKMsGQ3TKVYl20C8rDyV qw83m+HFUM8fwP7EKPJzb0zD4PViWuZ9Y3N3uFCpHP0yYJRP62y0/uPVY6XNyaYZmJr+x8h xZOG6z0U8sSJFW7iaYS/l32tylhukW3NlMfOQhY42kpug/t+ExQISXMJZPqOtZtbKmUqxu9 YtSi4nrgv/3f5PfSKnzMg==
Cc: tls@ietf.org
Subject: Re: [TLS] Deployment ... Re: This working group has failed
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Nov 2013 10:30:47 -0000

Hi Taylor,

Would be interesting to hear from someone working for Mozilla (like Ekr, 
our TLS WG chair) why things are progressing so slowly and what exactly 
their problem is.

Ciao
Hannes

Am 16.11.13 19:09, schrieb Taylor Hornby:
> On 11/16/2013 03:14 AM, Hannes Tschofenig wrote:
>> To be positive and constructive in the discussion I wonder what could be
>> done to improve the situation.
>>
>> Does the OpenSSL and the GnuTLS projects (and other projects) need more
>> contributors?
>>
>> Is there more awareness building needed to get companies to understand
>> what the different libraries provide and why they should use a
>> particular version?
>>
>> Where does the delay come from?
>>
>
> Firefox is one of the last browsers to get TLS 1.1 and TLS 1.2 support.
> It's still not enabled by default in the stable release. Looking at
> their development history is probably the best place to start.
>
> TLS 1.1:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=565047
> https://bugzilla.mozilla.org/show_bug.cgi?id=733647
>
> TLS 1.2:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=480514
> https://bugzilla.mozilla.org/show_bug.cgi?id=861266
>
> Most of the delay seems to be in Bug 565047. TLS 1.1 was standardized in
> 2006, but the *ticket* to implement TLS 1.1 was created FOUR YEARS
> later. Then, once it was, it took TWO YEARS to implement.
>
> Non-compliant servers are wasting a ton of time in QA, too:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=733647#c48
> https://bugzilla.mozilla.org/show_bug.cgi?id=839310
>
> Why doesn't TLS's fallback mechanism work?
>
> So, it seems to me that:
>
> 1. The most significant delay is between when the standard is released
> and when vendors realize they have to implement it. Until there's a
> problem with the old version, they're hardly thinking about it.
>
> 2. Once they do realize it's necessary, it takes a long time to implement.
>