Re: [TLS] [Editorial Errata Reported] RFC8773 (7598)
Russ Housley <housley@vigilsec.com> Fri, 11 August 2023 16:36 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1E13C135DE2 for <tls@ietfa.amsl.com>; Fri, 11 Aug 2023 09:36:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QrCMCMxpYCzE for <tls@ietfa.amsl.com>; Fri, 11 Aug 2023 09:36:13 -0700 (PDT)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE51BC1CAB29 for <tls@ietf.org>; Fri, 11 Aug 2023 09:35:54 -0700 (PDT)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id A2D5012903F for <tls@ietf.org>; Fri, 11 Aug 2023 12:35:53 -0400 (EDT)
Received: from smtpclient.apple (pfs.iad.rg.net [198.180.150.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id 96C90128FC6 for <tls@ietf.org>; Fri, 11 Aug 2023 12:35:53 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
Date: Fri, 11 Aug 2023 12:35:43 -0400
References: <20230811162318.7CA49E76BE@rfcpa.amsl.com>
To: IETF TLS <tls@ietf.org>
In-Reply-To: <20230811162318.7CA49E76BE@rfcpa.amsl.com>
Message-Id: <75D52C65-A9DC-462C-9A09-7C5FA107FF32@vigilsec.com>
X-Mailer: Apple Mail (2.3731.600.7)
X-Scanned-By: mailmunge 3.11 on 66.39.134.11
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/XS0v95K78Y5aBRoRM4prEQyXjBk>
Subject: Re: [TLS] [Editorial Errata Reported] RFC8773 (7598)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Aug 2023 16:36:18 -0000
I believe thatthis errata should be verified. > On Aug 11, 2023, at 12:23 PM, RFC Errata System <rfc-editor@rfc-editor.org> wrote: > > The following errata report has been submitted for RFC8773, > "TLS 1.3 Extension for Certificate-Based Authentication with an External Pre-Shared Key". > > -------------------------------------- > You may review the report below and at: > https://www.rfc-editor.org/errata/eid7598 > > -------------------------------------- > Type: Editorial > Reported by: Russ Housley <housley@vigilsec.com> > > Section: 5.1 > > Original Text > ------------- > When the "psk_key_exchange_modes" extension is included in the > ServerHello message, servers MUST select the psk_dhe_ke mode > for the initial handshake. > > Corrected Text > -------------- > When the "psk_key_exchange_modes" extension is included in the > ClientHello message, servers MUST select the psk_dhe_ke mode > for the initial handshake. > > Notes > ----- > According to RFC 8446, the "psk_key_exchange_modes" extension only appears in the ClientHello message. Further, the slides presented on this topic at IETF 101show the "psk_key_exchange_modes" extension in the ClientHello message and no other place. It is pretty clear that this is an editorial error. > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC8773 (draft-ietf-tls-tls13-cert-with-extern-psk-07) > -------------------------------------- > Title : TLS 1.3 Extension for Certificate-Based Authentication with an External Pre-Shared Key > Publication Date : March 2020 > Author(s) : R. Housley > Category : EXPERIMENTAL > Source : Transport Layer Security > Area : Security > Stream : IETF > Verifying Party : IESG
- [TLS] [Editorial Errata Reported] RFC8773 (7598) RFC Errata System
- Re: [TLS] [Editorial Errata Reported] RFC8773 (75… Russ Housley
- Re: [TLS] [Editorial Errata Reported] RFC8773 (75… Sean Turner