RFC Errata
RFC 8448, "Example Handshake Traces for TLS 1.3", January 2019
Source of RFC: tls (sec)
Errata ID: 5720
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Martin Thomson
Date Reported: 2019-05-05
Held for Document Update by: Benjamin Kaduk
Date Held: 2019-05-06
Throughout the document, when it says:
00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02
It should say:
00 0d 00 18 00 16 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01
Notes:
The traces all show DSA signature schemes in ClientHello messages. The use of these is prohibited by RFC 8446. To be compliant, these would be removed.
Note that this isn't a simple substitution as implied above. The length fields on all of the messages would also need to be reduced by 8 in addition to making the substitution. The value of the PSK binders used in the resumption case in Section 4 would need to be recalculated also.