Comment by mcpherrinm a day ago
Well, my only real point is that it’s not the version negotiation in TLS that’s broken. It’s the workaround for intolerance of newer versions that had downgrade attacks.
Fortunately that’s all behind us now, and transitioning from 1.2 to 1.3 is going much smoother than 1.0 to 1.2 went.
The service providers were the worst offenders here because they wanted to be the MIM to be able to look at the data and “add value” to their networks some how. Moving to TLS 1.3 took a lot of that away from them and it was only Google’s market power that could break them.
Similar thing has been happening with email sender auth, with Gmail and other big providers enforcing things
Any chance that can be used to undo lots of the ossification that made QUIC a UDP based hack rather than it's own level 4 protocol?
Basically none.
First the success rate of any new IP-based protocol through most devices is incredibly low, especially now that NAT is so common.
Second, part of why QUIC runs over UDP is because the operating system generally won't let applications send raw IP datagrams.
Even running over UDP, QUIC has nontrivial failure rates and the browsers have to fall back to TLS over TCP.
It's probably too hard to get NATs to agree on a new L4 protocol.
One of the big differences was in attitude. The TLS 1.3 anti-downgrade feature was not compatible with some popular middlebox products. Google told people too bad, either your vendor fixes it (most shipped free bug fixes for this issue, presumably "encouraged" by the resulting customer anger) or you can't run Chrome once this temporary fudge goes away in a year's time.
Previously (in earlier protocol versions) nobody stood up to the crap middleboxes even though it's bad for all normal users.