
SSL/TLS is bloated but that's not a reason not to use it.

Rather it's a reason we need some TLSv2 that just removes the crap and focuses only on three encryption/authentication modes:

* Desktop: High throughput, lots of CPU, minimal latency
* IoT: small throughput, very little CPU, latency acceptable
* Mobile: small to medium throughput, some CPU, minimize latency

A lot of bloated protocols are still good; they're bloated because of backwards compatibility and everyone and their kitchen sink needs to be able to decode it.




It seems to make more sense to just have ONE that can accommodate all those scenarios in a secure way. One doesn't solve bloat by introducing more bloat.

I'd say more can be won by removing e.g. ASN.1 and X.509 for certificate handling and encoding that are very difficult (impossible?) to get right and switching to something simple that solves the 99% use case of current TLS.


I agree with ASN.1 and X.509.

Those two are part of my plaintext-offenders list, like SMTP. They make life equally painful for both man and machine.




