[TLS] [Errata Held for Document Update] RFC8446 (6820)

RFC Errata System <rfc-editor@rfc-editor.org> Fri, 05 April 2024 12:47 UTC

Return-Path: <wwwrun@rfcpa.amsl.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5A3EC14F698; Fri, 5 Apr 2024 05:47:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.647
X-Spam-Level:
X-Spam-Status: No, score=-1.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3_gAWCK9f4iJ; Fri, 5 Apr 2024 05:47:20 -0700 (PDT)
Received: from rfcpa.amsl.com (rfcpa.amsl.com [50.223.129.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9876EC14F693; Fri, 5 Apr 2024 05:47:15 -0700 (PDT)
Received: by rfcpa.amsl.com (Postfix, from userid 499) id 6F369192F799; Fri, 5 Apr 2024 05:47:15 -0700 (PDT)
To: lschwarz@mozilla.com, ekr@rtfm.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: paul.wouters@aiven.io, iesg@ietf.org, tls@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20240405124715.6F369192F799@rfcpa.amsl.com>
Date: Fri, 05 Apr 2024 05:47:15 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9tj-sqMzbr464ap29dAa7q0Cdmg>
Subject: [TLS] [Errata Held for Document Update] RFC8446 (6820)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Apr 2024 12:47:24 -0000

The following errata report has been held for document update 
for RFC8446, "The Transport Layer Security (TLS) Protocol Version 1.3". 

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6820

--------------------------------------
Status: Held for Document Update
Type: Technical

Reported by: Leander Schwarz <lschwarz@mozilla.com>
Date Reported: 2022-01-21
Held by: Paul Wouters (IESG)

Section: 6.2

Original Text
-------------
unsupported_extension:  Sent by endpoints receiving any handshake
      message containing an extension known to be prohibited for
      inclusion in the given handshake message, or including any
      extensions in a ServerHello or Certificate not first offered in
      the corresponding ClientHello or CertificateRequest. 

Corrected Text
--------------
unsupported_extension:  Sent by endpoints receiving any handshake
      message containing an extension in a ServerHello or Certificate
      not first offered in the corresponding ClientHello or 
      CertificateRequest.

Notes
-----
The definition of the unsupported_extension alert in section 6.2 contradicts the statements in section 4.2:

        If an implementation receives an extension
        which it recognizes and which is not specified for the message in
        which it appears, it MUST abort the handshake with an
   "illegal_parameter" alert.

While this might not be inconsistent due to the "abort the handshake with an X alert" specification at the beginning of section 6.2, it might lead to confusion. (see https://mailarchive.ietf.org/arch/msg/tls/hGOGWZRMg718mWqOZ06LwjV9360/)

Paul Wouters(AD): Currently discussed at:

https://github.com/tlswg/tls13-spec/issues/1352
https://github.com/tlswg/tls13-spec/pull/1353

--------------------------------------
RFC8446 (draft-ietf-tls-tls13-28)
--------------------------------------
Title               : The Transport Layer Security (TLS) Protocol Version 1.3
Publication Date    : August 2018
Author(s)           : E. Rescorla
Category            : PROPOSED STANDARD
Source              : Transport Layer Security
Stream              : IETF
Verifying Party     : IESG