**Session Date/Time:** 28 Mar 2023 04:00

# tls

## Summary

This TLS working group meeting covered a range of topics, including the status of existing drafts, discussions on Encrypted Client Hello (ECH), hybrid key exchange, compact TLS, and the potential deprecation of TLS 1.2. Key decisions revolved around initiating working group last calls for several drafts and crafting a statement regarding the future of TLS 1.2.

## Key Discussion Points

* **Encrypted Client Hello (ECH):** Experiments are ongoing with Firefox and Outlook. The goal is to gather enough data to move forward, but technical and non-technical hurdles remain. Rich Salz requested that the DNS or HTTP areas be asked about service binding records.
* **8447 Bis and 8446 Bis:** Joe Salowey presented updates and called for reviews. Emphasis on registry review to ensure correct discouragement markings.
* **Compact TLS:** Formal analysis is underway, and implementation is progressing in Mbed TLS. More implementations are needed to facilitate interoperability testing. A self-limiting extensions field was added.
* **Hybrid Key Exchange:** A proposal to name specific drafts for key exchange combinations raised concerns. Simple key combination was favored, but CFRG discussion is ongoing.
* **Service Binding and Encrypted Client Hello (ECH):** ECH-related text was cut from the service binding draft and moved to a new draft, proposed for adoption by the TLS working group.
* **Merkle Tree Certificates:** David Benjamin presented a new certificate format based on Merkle trees aimed at reducing the size of post-quantum signatures. Design considerations included agility, minimizing size, and fast automated issuance, trading off issuance time.
* **Compact Encoding for P-256:** Defines a compact fixed-length encoding for elliptic curve points and ECDSA signatures. Open question of whether TLS wants to use it in CT.
* **Discouraging Weak Crypto:** Proposed discouraging key exchange without forward secrecy, null encryption, key exchange with less than 128-bit security, and SHA-1 signatures.
* **Plain Packet Numbers:** Proposed allowing plain packet numbers in TLS 1.3 for high-performance computing environments to reduce encryption overhead.
* **TLS 1.2 Deprecation:** Discussion about signaling the end of TLS 1.2 development and encouraging TLS 1.3 adoption.

## Decisions and Action Items

* **8447 Bis and 8446 Bis:** Initiate working group last call for both documents (3 weeks).
* **Hybrid Key Exchange:** Scott will construct a consensus call message regarding minting new code points targeting the round three specification of C.
* **ECH and Service Binding:** Initiate a consensus call on the mailing list for adopting the new service binding draft in TLS.
* **Compact Encoding for P-256:** Defer working group call for adoption for one month.
* **Discouraging Weak Crypto:** John will update the draft based on feedback and the group will revisit it before the next meeting.
* **Plain Packet Numbers:** Boris will talk to the chairs about the process.
* **TLS 1.2 Deprecation:** Rich Salz volunteered to write a draft statement with the following key points:
  * The TLS working group will stop working on TLS 1.2.
  * New protocols should have a baseline of TLS 1.3.
  * The WG acknowledges increasing TLS 1.3 usage.
  * Greg Wood would like to provide a blog post to help drive awareness.

## Next Steps

* Post last call for 8447 Bis and 8446 Bis.
* Address open issues for Compact TLS on GitHub.
* Resolve the key-combine issue in the hybrid key exchange draft in CFRG.
* Construct and post a consensus call for adopting the new service binding draft.
* Reach out to individuals who provided numbers so Greg Wood can talk to them regarding blog posts.
* Revisit the compact encoding and weak crypto drafts for potential adoption.
* Boris will talk to the chairs about Plain Packet Numbers.
* Rich will write a draft regarding TLS 1.2 deprecation.
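The four criteria from the "Discouraging Weak Crypto" discussion above (no forward secrecy, null encryption, under 128-bit security, SHA-1 signatures) can be applied mechanically to a cipher suite list. The following is an added illustration, not the draft's own text or code: the `CIPHER_BITS` table and the parsing of IANA-style suite names are assumptions, and 3DES is counted at 112 bits.

```python
from __future__ import annotations

# Effective security strength of the record-protection cipher, in bits.
# Constructed table covering the suites used below; 3DES is counted as 112 bits.
CIPHER_BITS = {
    "AES_128_GCM": 128, "AES_256_GCM": 256,
    "AES_128_CBC": 128, "AES_256_CBC": 256,
    "CHACHA20_POLY1305": 256,
    "3DES_EDE_CBC": 112,
    "NULL": 0,
}
FORWARD_SECRET_KX = {"ECDHE", "DHE"}   # ephemeral Diffie-Hellman variants


def parse_suite(name: str) -> tuple[str, str]:
    """Split an IANA suite name such as TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    into (key-exchange family, cipher). Unknown ciphers raise rather than pass."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not a TLS 1.2 style cipher suite name: {name}")
    kx_part, rest = name[4:].split("_WITH_", 1)
    kx = kx_part.split("_", 1)[0]          # "ECDHE_RSA" -> "ECDHE", "RSA" -> "RSA"
    cipher, _hash = rest.rsplit("_", 1)    # drop the trailing PRF/MAC hash token
    if cipher not in CIPHER_BITS:
        raise ValueError(f"unknown cipher: {cipher}")
    return kx, cipher


def discouraged_reasons(suite: str) -> list[str]:
    """Reasons the suite matches the proposal's criteria; empty if it matches none."""
    kx, cipher = parse_suite(suite)
    reasons = []
    if kx not in FORWARD_SECRET_KX:
        reasons.append("no forward secrecy")
    bits = CIPHER_BITS[cipher]
    if bits == 0:
        reasons.append("null encryption")
    elif bits < 128:
        reasons.append(f"security strength below 128 bits ({bits})")
    return reasons


def sha1_signature_scheme(scheme: str) -> bool:
    """True for SignatureScheme names using SHA-1 (e.g. rsa_pkcs1_sha1).
    The trailing _SHA in a suite name is the record MAC, not a signature,
    so SHA-1 signatures are judged per scheme, not per suite."""
    return scheme.lower().endswith("_sha1")


def filter_recommended(suites: list[str]) -> list[str]:
    """Keep only suites that trip none of the criteria."""
    return [s for s in suites if not discouraged_reasons(s)]
```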