Well, my only real point is that it’s not the version negotiation in TLS that’s broken. It’s the workaround for intolerance of newer versions that had downgrade attacks.

Fortunately that’s all behind us now, and transitioning from 1.2 to 1.3 is going much smoother than 1.0 to 1.2 went.

> I always bring it up as a good example to contrast with XMPP as a bad example.

Could you expand a bit here? Do you just mean how extensions to the protocol are handled, etc., or the overall process and involved parties?