The following errata report has been verified for RFC8773, "TLS 1.3 Extension for Certificate-Based Authentication with an External Pre-Shared Key".
-------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid7598 -------------------------------------- Status: Verified Type: Editorial Reported by: Russ Housley <hous...@vigilsec.com> Date Reported: 2023-08-11 Verified by: RFC Editor Section: 5.1 Original Text ------------- When the "psk_key_exchange_modes" extension is included in the ServerHello message, servers MUST select the psk_dhe_ke mode for the initial handshake. Corrected Text -------------- When the "psk_key_exchange_modes" extension is included in the ClientHello message, servers MUST select the psk_dhe_ke mode for the initial handshake. Notes ----- According to RFC 8446, the "psk_key_exchange_modes" extension only appears in the ClientHello message. Further, the slides presented on this topic at IETF 101show the "psk_key_exchange_modes" extension in the ClientHello message and no other place. It is pretty clear that this is an editorial error. -------------------------------------- RFC8773 (draft-ietf-tls-tls13-cert-with-extern-psk-07) -------------------------------------- Title : TLS 1.3 Extension for Certificate-Based Authentication with an External Pre-Shared Key Publication Date : March 2020 Author(s) : R. Housley Category : EXPERIMENTAL Source : Transport Layer Security Stream : IETF _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls