> However, it seems that changing TLS 1.3 in slight ways that make it look more like TLS 1.2 may make it possible to bring the failure rate down to an acceptable level. How these changes look is unclear, as it hasn’t been discussed in public.
Or they could name and shame the makers of such devices?
More than anything I worry that this could lead to some weakness being discovered in 1.3 later on because they're making these compromises to cater to lazy middle-box providers.
It's not just the box providers, it's the customers doing in-house testing, scheduling CRs, and deploying the upgrades to dozens or even hundreds of devices that are inherently A) complex in their operation and B) cause outages if they're not perfectly stable.
On the vendor side of things, it can take a while to integrate such a substantial change into a complex device codebase in a stable way, and roll those changes into a long-term support version that customers are willing to deploy.
There's also a significant risk for hardware vendors to build support for protocols before the spec is finalized - making customers upgrade inline hardware twice is twice as difficult.