Time and Place

The meetup will be held on Thursday, May 26 at the Mozilla (331 E. Evelyn Avenue) in Mountain View (directions).
Mozilla offices are well connected by public transportation (Moutain View Caltrain station, direct from San Jose; Evelyn light rail station). Alternatively, Uber and Lyft work very well in the Silicon Valley.

Organizers:

• Eric Rescorla (Mozilla) [ekr at rtfm.com]
• Antoine Delignat-Lavaud (Microsoft Research), [antdl at microsoft.com]

Meeting Purpose

Following the success of the TRON (TLS 1.3: Ready or Not?) workshop at NDSS'16, we would like to once again bring together a diverse crowd of people involved in various aspects of TLS 1.3: its specification and standardization, its security analysis by cryptographers and protocol experts in academia and in industry, and its implementation in various libraries. Please note that this event is not endorsed by the IETF and is not a substitute for TLS WG discussions.

To ensure that the short duration of the meetup is used effectively, we would like to restrict the audience to about 20 expert participants; therefore, attendance is by invitation (which you can request by contacting the chairs). About half of the time will be allocated to design and analysis topics, with the other half dedicated to implementation.

Agenda

Time	Topic
0933-1000	People Arrive, Coffee, etc
1000-1045	Changes in -13 and overview of remaining issues (EKR) Key schedule Session context HelloRetryRequest Multiple session tickets (open) Server auth w/ 0-RTT (open)
1045-1130	Analysis results Shin’ichiro Matsuo: CELLOS review (15 min) Cas Cremers: update on draft 13 analysis (15 min) Markulf Kohlweiss: analysis of the new key schedule (15 min)
1130-1200	Post-handshake encryption discussion (try to reach consensus)
1200-1300	Lunch break (Mozilla provides)
1300-1430	Implementation session (~20min/implementation) NSS [EKR] Mint [Barnes/Sullivan] Mint/NSS demo (if possible) miTLS* [Antoine] BoringSSL [Steven?] Known interop issues [EKR] Compatibility measurements [Barnes?]
1430-1515	API discussion Recommendations [Iyengar] 0-RTT Client auth, 0.5-RTT Ticket management / session unlinkability
1515-1530	Other topics

Participants

Name	Organization
Eric Rescorla	Mozilla
Antoine Delignat-Lavaud	Microsoft Research
Martin Thomson	Mozilla
Markulf Kohlweiss	Microsoft Research
Felix Günther	TU Darmstadt
Cas Cremers	University of Oxford
Björn Tackmann	UCSD
Shin’ichiro Matsuo	CELLOS consortium / MagicCube Inc.
Yuji Suga	CELLOS consortium
Wan-Teh Chang	Google
Steven Valdez	Google
Bruno Blanchet	Google / Inria
Nick Sullivan	CloudFlare
Subodh Iyengar	Facebook
Kyle Nekritz	Facebook