Eric Rescorla <ekr@xxxxxxxx> wrote:
>> and your description of how tls did this with 1.3, 'marked' versions of
>> internet-drafts, seemed to work well. and those with colder feet could
>> wait for the rfc. but i note that the triel implementations seemed not
>> to be deployed in production until the ietf sausage was made.
> I don't want to debate the precise meaning of production, but what I will
> say is that at in the case of TLS 1.3, we had pre-draft versions on in
> Release
> versions of Chrome and Firefox and serving live domains at Cloudflare
> (and I think Facebook and Google, but I'd have to check my notes). This
> was actually essential to finding problems because there are environments
> which will not run prerelease software.
I agree how valuable it was.
But, the parties involved all understood (in a deep way, up to product
managers, I expect) that there might be incompatible changes.
I have been through protocols with obvious flaws waiting for a zero-day bugs
where I could not get a fix in ID-07 because "it's been deployed".
--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>, Sandelman Software Works
-= IPv6 IoT consulting =-
Attachment:
signature.asc
Description: PGP signature
