Comment by tialaramex

Comment by tialaramex a day ago

5 replies

View on Hacker News

One of the big differences was in attitude. The TLS 1.3 anti-downgrade feature was not compatible with some popular middlebox products. Google told people too bad, either your vendor fixes it (most shipped free bug fixes for this issue, presumably "encouraged" by the resulting customer anger) or you can't run Chrome once this temporary fudge goes away in a year's time.

Previously (in earlier protocol versions) nobody stood up to the crap middleboxes even though it's bad for all normal users.

drob518 20 hours ago

The service providers were the worst offenders here because they wanted to be the MIM to be able to look at the data and “add value” to their networks some how. Moving to TLS 1.3 took a lot of that away from them and it was only Google’s market power that could break them.

Reply View 1 reply
  • frollogaston 13 hours ago

    Similar thing has been happening with email sender auth, with Gmail and other big providers enforcing things

    Reply View 0 replies
adgjlsfhk1 14 hours ago

Any chance that can be used to undo lots of the ossification that made QUIC a UDP based hack rather than it's own level 4 protocol?

Reply View 2 replies
  • ekr____ 10 hours ago

    Basically none.

    First the success rate of any new IP-based protocol through most devices is incredibly low, especially now that NAT is so common.

    Second, part of why QUIC runs over UDP is because the operating system generally won't let applications send raw IP datagrams.

    Even running over UDP, QUIC has nontrivial failure rates and the browsers have to fall back to TLS over TCP.

    Reply View 0 replies
  • frollogaston 13 hours ago

    It's probably too hard to get NATs to agree on a new L4 protocol.

    Reply View 0 replies