TLS WG at IETF 112

# Administrivia
Agenda: no changes from what was shown
Doc status: see slides

# Exported Authenticators (Sean)

One comment from Ben, JHoyland has including a PR to address.

EKR says the tet is not clear enough. DKG agrees.

# TLS Flags (Yoav)

Open issues:
1. IANA expert guidance; keep or delete?
  Martin things specificity is too detailed
  EKR: Reserve 0-7 or 0-15 and that's it.
  Martin to propose alternative text.
2. Recommended field in the registry.
  Intended to be like 8447, section 5. Need more words?
  Ekr: let's wait for 8447 discussion.
  Sean: point to 8447 and move on; 8447bis would update this.
3. Enable this for DTLS 1.2?
  Discussion.  See also the jabber chat.
  Sean: let's leave it as-is.

# DTLS 1.3 (ekr)

In Auth48. Two substantive issues.

1. Rekeying is too small.  PR 255 or 257; suggest 257.
  Consensus to do 257.

2. Handshake transcript issue 247.  DTLS handshake is not like TLS.
  Ekr to prepare a PR that makes it like TLS 1.3

# ECH Implementation Report (Chris)

-13 is the interop/deployment target. Open issues parked until we
have more experience. Several implementations; add yourself to
the wiki in the ECH repo in GitHub (or as Chris for pointers).
Mentioned some implementation sharp edges/red flags; to be added
to the wiki. Stephen says more news is good; Chris says intent is
to report places to be careful, not to say this can't be done.

Continuing with -13 until next IETF meeting (at least).

# 8447bis and the IANA TLS Recommended Column (Joe)

Current definition does not provide enough information (e.g.,
not evaluated or not commended always/sometimes, etc). Current
proposal Y/N(with ref)/blank and add note saying "code point
does not imply endorsement".
  Martin says "recommended" is really "the IETF view on this"
  Stephen favors status quo.
  More discussion.

Experimental code point range. Call for adoption after a doc update.

# Drafts tls-pemesni and wkesni drafts (Stephen)

First is how to do PEM format for ESNI private keys. Second is
a well-known URI for DNS ESNI config. Chat off-line for updating
and proposal.

# Psuedorandom cTLS (Ben)

-00 draft; intended to be experimental. Sits between cTLS and
the transport. conceals which template is being used, ensures
bitstream is only decodable by participants. See slides for
some details.

Seeking WG input on the primitives, constructs, how to do
formal analysis, etc. Might ask for adoption later.

# Zero-knowledge proofs and TLS (Paul Grubbs)

Recap of network boxes, etc., inspecting packets, RSA-style
static decryption, etc. Summary of ZK proof.

ZKMB, zero-kowledge middlebox. Client joins network, ZKMB
sends policy. Client enforces policy, sends ZK proof to show
it complied with the policy.