This is correct, though I would have extended this to say ", except for post-handshake authentication, which uses keys derived from the current [sender]_application_traffic_secret_N." or similar.
On Sat, Aug 6, 2022, at 23:03, RFC Errata System wrote: > The following errata report has been submitted for RFC8446, > "The Transport Layer Security (TLS) Protocol Version 1.3". > > -------------------------------------- > You may review the report below and at: > https://www.rfc-editor.org/errata/eid7073 > > -------------------------------------- > Type: Technical > Reported by: Ben Smyth <resea...@bensmyth.com> > > Section: 4.4 > > Original Text > ------------- > These messages are encrypted under keys derived from the > [sender]_handshake_traffic_secret. > > Corrected Text > -------------- > These messages are encrypted under keys derived from the > [sender]_handshake_traffic_secret, except for post-handshake > authentication > > Notes > ----- > There's an exception > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC8446 (draft-ietf-tls-tls13-28) > -------------------------------------- > Title : The Transport Layer Security (TLS) Protocol Version 1.3 > Publication Date : August 2018 > Author(s) : E. Rescorla > Category : PROPOSED STANDARD > Source : Transport Layer Security > Area : Security > Stream : IETF > Verifying Party : IESG > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
