The following errata report has been held for document update for RFC8446, "The Transport Layer Security (TLS) Protocol Version 1.3".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6204

--------------------------------------
Status: Held for Document Update
Type: Editorial

Reported by: Chris Wood <c...@heapingbits.net>
Date Reported: 2020-06-03
Held by: Paul Wouters (IESG)

Section: E.1

Original Text
-------------
Implementations MUST NOT combine external PSKs with certificate-based
authentication of either the client or the server unless negotiated by
some extension.

Corrected Text
--------------
Implementations MUST NOT combine external PSKs with certificate-based
authentication of either client or the server. Future specifications
MAY provide an extension to permit this.

Notes
-----
The existing text can be misread as permitting this combination upon
negotiation of the "post_handshake_auth" extension, which would be
incorrect. [1] describes an attack that can occur based on this
misinterpretation. The proposed text aims to make clear that a *new*
extension is required for this combination.

Paul Wouters(AD): See
https://mailarchive.ietf.org/arch/msg/tls/uDjERicvcTimiecyhiSrYA0H1Sc/

[1] https://link.springer.com/article/10.1007%2Fs11416-020-00352-0

--------------------------------------
RFC8446 (draft-ietf-tls-tls13-28)
--------------------------------------
Title            : The Transport Layer Security (TLS) Protocol Version 1.3
Publication Date : August 2018
Author(s)        : E. Rescorla
Category         : PROPOSED STANDARD
Source           : Transport Layer Security
Stream           : IETF
Verifying Party  : IESG