On Thu, Jul 4, 2019 at 2:20 PM Leif Johansson <leifj@xxxxxx> wrote:
> On 2019-07-04 22:13, Eric Rescorla wrote:
> >
> > On Thu, Jul 4, 2019 at 12:21 PM Nico Williams <nico@xxxxxxxxxxxxxxxx> wrote:
> >
> > > On Thu, Jul 04, 2019 at 08:31:47AM -0700, Eric Rescorla wrote:
> > > > Ignoring labelling for a moment, in a number of WGs (HTTP, TLS, and
> > > > QUIC) we have found it necessary to have full implementations and
> > > > large-scale deployments quite early in the design process, long before
> > > > anyone thinks that the document is done.
> > >
> > > I had that experience in mind.
> > >
> > > Except for QUIC (whose implementors and deployers understood and
> > > expected to have to make backwards-incompatible changes / move to HTTP/2
> > > and /3), HTTP/2 and TLS 1.3 didn't get widespread deployment during this
> > > process. But they did get some, and that "some deployment" was
> > > absolutely critical to their success.
> >
> > I don't want to nitpick about widespread, but we were seeing single
> > digit fractions of Firefox connections with TLS 1.3 during this period.
> > I would anticipate that QUIC will be similar.
> >
> > -Ekr
>
> These are all success stories (TLS, QUIC...) that seem to follow the
> pattern of a fairly tight-knit community of committed actors who are
> willing to progress at roughly the same pace.
>
> I was here when MSFT suddenly announced that a particular draft of
> pkinit was going to get shipped in Active Directory krb and that was
> that. Would we have gotten further down the road of practical interop
> for asymmetric key authn in kerberos had we used the same pattern of
> work as TLS 1.3 did? Maybe we're just better at this now? I doubt it.

I actually do think we are a bit better. In particular, the idea of having
"interop versions" that we all converge on and using protocol versions
on the wire that correspond to the draft version seems to be key.
This may have been done in other protocols but at least from my
perspective, it took a while to get those idioms right.

> You can lead the horse to water but you can't force it to drink,
> but to what extent is flexibility wrt the publication process enabling
> this behaviour?
Yeah, I don't think enormously. This worked fine with the ID system.
As I said, what would be helpful for big protocols like TLS, QUIC, etc.
seems to me to be the ability to make "editorial" changes to the document
post-publication. I scare-quote editorial because it would also include
clarifying points that basically everyone agreed on but that could be
misinterpreted and would impede interop if there were multiple
interpretations.
-Ekr