IETF 125: Transport Layer Security (TLS) 2026-03-20 06:00

The TLS Working Group wrapped up its IETF 125 session by reviewing several high‑priority items, notably the extended key‑update draft for TLS 1.3, a proposal to ban ephemeral key reuse, and ongoing liaison work on post‑quantum cryptography. Participants were reminded of procedural norms—using the queue, stating name and affiliation, and providing explicit "I support" or "I do not support" votes—to accelerate document progression. Key discussions centered on moving the key‑reuse prohibition from an appendix into the main body of RFC 8446 bis, with a draft PR already circulating. The group also examined the pure‑MLKEM (post‑quantum) proposal, weighing hybrid schemes against pure ones; many raised concerns that pure MLKEM lacks the dual‑hardness guarantees hybrids provide. A targeted consensus call will be issued to address three outstanding points, including text on preferring hybrids and clarifying security guarantees. Notable remarks included a participant’s assertion that "if TLS 1.3 forbids key reuse, most formal‑verification issues disappear," and another’s warning that "pure MLKEM is less well understood, so we need rigorous analysis before standardization." The chairs emphasized that OpenSSL already supports pure MLKEM, albeit not as the default, underscoring the gap between implementation readiness and normative guidance. The outcomes will shape the next TLS specification cycle: a stricter key‑reuse policy could harden handshake security, while the hybrid‑first stance may delay pure post‑quantum deployment until broader cryptographic consensus is achieved. Both decisions affect vendors, cloud providers, and any service relying on TLS for confidentiality and integrity.