**Session Date/Time:** 06 Nov 2023 08:30 ```markdown # tls ## Summary This TLS working group meeting covered a wide range of topics, including the status of existing drafts (8446bis, DTLS 1.2/1.3, TLS Flags), discussions around ECH (Encrypted Client Hello), cipher suite deprecation, key log draft adoption, post-quantum key exchange mechanisms (OffCam), TLS 1.2 extensions, legacy code point introduction in TLS 1.3, key share ambiguity in TLS 1.3, Trust Expressions, client certificate flags, and other drafts regarding TLS. Decisions were made regarding merging PRs for ECH and adopting the SSL key log draft. Several drafts were deemed ready for working group last call. ## Key Discussion Points * **8446bis Status:** The document is nearly ready for publication, pending some final sentence adjustments based on David Benjamin's drafts and wrapping up of April 7bis. * **DTLS 1.2/1.3 Status:** No implementations were found, so early code point assignment is planned. * **TLS Flags Status:** Stalled due to lack of implementations. Jonathan has a new draft that may unblock this. * **ECH Discussion:** Concerns regarding the overview and deployment considerations in the ECH draft were raised. A PR was suggested for improving the overview. Discussions revolved around the public name, padding, acceptance signal for non-HRR paths, and extensibility mechanisms within the ECH configuration. * **8447bis (Cipher Suites):** The draft discourages curves less than 255 bits, null encryption, anonymous cipher suites, export cipher suites, Adia, and RC4. Discussion about deprecating Triple DES. * **SSL Key Log Draft:** The working group will adopt this draft with volunteers to review and edit. * **OffCam (Post-Quantum Authentication):** The draft has been split into two proposals: key exchange and can base PSK. Tom requested comments and support for moving towards working group adoption. Security properties and integration with TLS 1.3 were discussed. * **TLS 1.2 Extensions:** No new extensions will be accepted, except for ALPN and key exporter labels. New extensions should have a comment for TLS 1.3 or later. * **Legacy Code Points in TLS 1.3:** A proposal to reintroduce RSA PKCS code points for TLS 1.3 in the client certificate verifier message was presented due to issues with cryptographic devices. The feature will be disabled by default. * **Key Share Ambiguity in TLS 1.3:** David Benjamin presented a draft to clarify the semantics of key shares and address potential issues with server selection algorithms, especially in the context of post-quantum key exchange. * **TLS Trust Expressions:** Devin O'Brien introduced TLS Trust Expressions as a way to communicate trusted CAs to subscribers and support certificate selection mechanisms. Aimed to solve key rotation issues. * **Client Certificate Flags:** Discussed a draft for using TLS flags to indicate client certificate configuration, primarily for bot authentication. * **Turbo TLS and Batch Signing:** Two drafts were briefly mentioned with attendees directed to mailing list for discussion. ## Decisions and Action Items * **ECH:** Merge the PR related to the public name compatibility issue. * **ECH:** Proceed with closing the remaining issues and initiating a working group last call, targeting a longer than usual timeframe to account for holidays. * **DTLS 1.2/1.3:** Request early code point assignment. * **SSL Key Log Draft:** Adopt the draft and seek reviewers. * **8447bis:** Proceed with working group last call. * **TLS 1.2 Extension Draft:** Adopt the draft and proceed with working group last call. * **Legacy Code Points in TLS 1.3:** Adopt the draft. * **TLS Flags Draft:** Take to mailing list to gather interest in implementation. ## Next Steps * Authors to prepare new revisions of drafts based on meeting discussions. * Chairs to initiate working group last calls for approved drafts. * Discussion on the mailing list for open issues and new proposals, especially regarding key share semantics, TLS Trust Expressions, TurboTLS and Batch Signing.