Hi!

At the IETF 117 TLS session we discussed the following:

* ECH (draft-ietf-tls-esni and draft-ietf-tls-wkech): We learned about existing deployment experiments with Firefox, Chrome, and Cloudflare. Some issues are being investigated and more experiments are going to be done, but the experiments returned encouraging results. Based on these, the author team plans to move into a mode of either addressing or closing issues with a plan for a new version of the ECH I-D to be released sometime around IETF 118. The ultimate goal is to get the ECH I-D to the IESG sometime in early 2024 (assumes everything goes smoothly).
* Abridged Certificates (draft-jackson-tls-cert-abridge): This is a new certificate compression scheme that looks very promising. The sense of the room was positive and the chairs will issue a WG call for adoption shortly.
* TLS 1.2 is Frozen (draft-rsalz-tls-tls12-frozen): The I-D is going to be split in two. The part that provides how to use any guidance goes into UTA. The part that stays will be the text (possibly short) that says TLS 1.2 is feature frozen.
* Update on post-quantum signatures (from NIST): NIST is running another round of their competition because there aren't any good, performant and small, signature algorithms yet. Many of the algorithms have already fallen. We will see how the process ends.
* An AOB topic about Exported Authenticators: There is some interest from the HTTPbis WG in the possibility of clients just sending a client certificate without being requested by the server. Will need security proofs.

Cheers,
spt