Preventing downgrade attacks could be done by blacklisting known-bad versions, no?
Assuming all future versions are bad leads to situations like this, where TLS 1.3 (and presumably all future versions) have to tunnel through a pseudo-TLS 1.2 connection.
Again, assuming all future versions are bad is _fine_ if that's what you want to do.
Responding to a peer that says "I know TLS 1.3" with "Too bad, we're talking TLS 1.2" was and is entirely in obedience with the specifications. As far as I know, _every_ major middlebox on the market today now does this in their latest versions; most of them advertised this as "TLS 1.3 now supported"‡.
But for "security" vendors, silently being secure doesn't sell products; they would rather have an alarm "TLS Protocol Attack prevented!" and block the connection. Doesn't make you any safer, but that was never their priority. It's also easier for them to do than correctly implementing the protocol.
‡ In much the same way that "HD Ready" televisions "supported" High Definition television. In that you couldn't watch HD TV on those televisions, but hey, it was "supported"... those televisions existed in the same universe where HD TV existed. Likewise, modern Cisco or Palo Alto Networks middleboxes "support" TLS 1.3 by saying they want to talk TLS 1.2 instead...
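The negotiation discussed above, as an added example that is not part of the original thread: a compliant peer ignores versions it does not know and answers with the highest one it shares, an intolerant box blocks instead, and the downgrade sentinel from RFC 8446 section 4.1.3 lets a client detect a stripped offer without any version blacklist. The function names are hypothetical, and the offer is modelled as a flat list of versions rather than `legacy_version` plus the `supported_versions` extension.

```python
import os

TLS12, TLS13 = 0x0303, 0x0304
# RFC 8446 section 4.1.3: last 8 bytes of ServerHello.random on a downgrade.
SENTINEL_TLS12 = b"DOWNGRD\x01"
SENTINEL_TLS11_OR_BELOW = b"DOWNGRD\x00"


def server_hello(offered, server_versions):
    """Compliant responder: choose the highest version both sides know.

    Unknown values in `offered` are ignored, never treated as an error.
    Returns (version, random), or None when there is no overlap at all.
    """
    common = set(offered) & set(server_versions)
    if not common:
        return None
    chosen = max(common)
    rand = os.urandom(32)
    # A TLS 1.3 capable server that ends up below 1.3 marks its random value.
    if max(server_versions) >= TLS13 and chosen < TLS13:
        tail = SENTINEL_TLS12 if chosen == TLS12 else SENTINEL_TLS11_OR_BELOW
        rand = rand[:24] + tail
    return chosen, rand


def intolerant_box(offered, known_versions):
    """Behaviour criticised in the thread: any unknown version blocks the connection."""
    if any(v not in known_versions for v in offered):
        return None
    return server_hello(offered, known_versions)


def client_accepts(client_versions, chosen, rand):
    """Client side: refuse a downgrade that the real server flagged."""
    if chosen not in client_versions:
        return False
    if max(client_versions) >= TLS13 and chosen < TLS13:
        return rand[24:] not in (SENTINEL_TLS12, SENTINEL_TLS11_OR_BELOW)
    return True
```

A TLS 1.2-only responder never sets the sentinel, so its answer is accepted; the sentinel appears only when a TLS 1.3 capable server sees an offer that lacks TLS 1.3.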