Folks, I just uploaded draft-13. Changelog appended at the bottom of this message.
The following nontrivial issues are outstanding: - How to encrypt post-handshake messages (post-handshake client auth, NewSessionTicket, etc.). I'm having a discussion now with the cryptographers about this. - Allowing multiple session tickets in NewSessionTicket (https://github.com/tlswg/tls13-spec/pull/466). I think this is OK but please take a look. - The rules for how closely extensions need to match in 0-RTT. I am starting to think that Ilari is right that the current "check everything for match" is too strict, so expect a new PR for this in the next few days. I want to resolve these this week and then publish -14 soon after. -Ekr Changes: - Allow server to send SupportedGroups. - Remove 0-RTT client authentication - Remove (EC)DHE 0-RTT. - Flesh out 0-RTT PSK mode and shrink EarlyDataIndiation - Turn PSK-resumption response into an index to save room - Move CertificateStatus to an extension - Extra fields in NewSessionTicket. - Restructure key schedule and add a resumption_context value. - Require DH public keys and secrets to be zero-padded to the size of the group. - Remove the redundant length fields in KeyShareEntry. - Define a cookie field for HRR.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
