Comment by upofadown

Comment by upofadown 21 hours ago

9 replies

View on Hacker News

Well you can, but that would require a higher level of political skill than normally exists for such things. What would have to happen is that almost everyone would have to agree on the new version and then implement it. Once implementation was sufficiently high enough then you have a switchover day.

The big risk with such an approach is that you could implement something, then the politics could fail and you would end up with nothing.

The big downside of negotiation is that no one ever has to commit to anything so everything is possible. In the case of TLS, that seems to have led to endless bikeshedding which has created a standard which has so many options is is hardly a standard anymore. The only part that has to be truly standard is the negotiation scheme.

ekr____ 20 hours ago

This seems like a truly unreasonable level of political skill for nearly any setting. We're talking about changing every endpoint in the Internet, including those which can no longer be upgraded. I struggle to think of any entity or set of entities which could plausibly do that.

Moreover, even in the best case scenario this means that you don't get the benefits of deployment for years if not decades. Even 7 years out, TLS 1.3 is well below 100% deployment. To take a specific example here: we want to deploy PQ ciphers ASAP to prevent harvest-and-decrypt attacks. Why should this wait for 100% deployment?

> The big downside of negotiation is that no one ever has to commit to anything so everything is possible. In the case of TLS, that seems to have led to endless bikeshedding which has created a standard which has so many options is is hardly a standard anymore. The only part that has to be truly standard is the negotiation scheme.

I don't think this is really that accurate, especially on the Web. The actual widely in use options are fairly narrow.

TLS is used in a lot of different settings, so it's unsurprising that there are a lot of options to cover those settings. TLS 1.3 did manage to reduce those quite a bit, however.

Reply View 3 replies
  • Sophira 20 hours ago

    > This seems like a truly unreasonable level of political skill for nearly any setting. We're talking about changing every endpoint in the Internet, including those which can no longer be upgraded. I struggle to think of any entity or set of entities which could plausibly do that.

    Case in point: IPv6 adoption. There's no interoperability or negotiation between it and IPv4 (at least, not in any way that matters), which has led to the mess we're in today.

    Reply View 2 replies
    • vladvasiliu 18 hours ago

      Many servers and clients support both ipv4 and ipv6. So, in a sense, there's a "negotiation" happening between client and server.

      Reply View 1 reply
      • happyopossum 17 hours ago

        That’s not negotiating- I can’t connect to a server over v4 and have it tell me to switch to v6 or vice versa. That’s just supporting 2 completely different protocols.

        Reply View 0 replies
drob518 19 hours ago

That’s a great theory but in practice such a “flag day” almost never happens. The last time the internet went through such a change was January 1, 1983, when the ARPANET switched from NCP to the newly designed TCP/IP. People want to do something similar on February 1, 2030, to remove IPv4 and switch totally to IPv6, but I give it a 50/50 chance of success, and IPv6 is already about 30 years old. See https://ipv4flagday.net/

Reply View 2 replies
  • upofadown 17 hours ago

    You don't have to have everyone switch over on the same day as with your example. Once it is decreed that implementations are widespread enough, then everyone can switch over to the introduced thing gradually. The "flag day" is when it is decreed that implementations no longer have to support some previously widely used method. Support for that method would then gradually disappear unless there was some associated cryptographic emergency that could not be dealt with without changing the standard.

    Reply View 1 reply
    • ekr____ 16 hours ago

      Well, this is basically what we do, except that we try to negotiate to the highest version during the period before the flag day. This is far more practical for three reasons:

      1. You actually get benefit during the transition period because you get to use the new version.

      2. You get to test the new version at scale, which often reveals issues, as it did with TLS 1.3. It also makes it much easier to measure deployment because you can see what is actually negotiated.

      3. Generally, implementations are very risk averse and so aren't willing to disable older versions until there is basically universal deployment, so it takes the pressure off of this decision.

      Reply View 0 replies
freeone3000 21 hours ago

> The big risk with such an approach is that you could implement something, then the politics could fail and you would end up with nothing.

They learned the lesson of IPv6 here.

Reply View 0 replies
thayne 15 hours ago

> that seems to have led to endless bikeshedding which has created a standard which has so many options is is hardly a standard anymore

Part of the motivation of TLS 1.3 was to mitigate that. It removed a lot of options for negotiating the ciphersuite.

Reply View 0 replies