RFC 8446, "The Transport Layer Security (TLS) Protocol Version 1.3", August 2018
Source of RFC: tls (sec)
Errata ID: 6204
Publication Format(s): TEXT
Reported By: Chris Wood
Date Reported: 2020-06-03
Section E.1 says:
Implementations MUST NOT combine external PSKs with certificate-based authentication of either the client or the server unless negotiated by some extension.
It should say:
Implementations MUST NOT combine external PSKs with certificate-based authentication of either client or the server. Future specifications MAY provide an extension to permit this.
The existing text can be misread as permitting this combination upon negotiation of the "post_handshake_auth" extension, which would be incorrect.  describes an attack that can occur based on this misinterpretation. The proposed text aims to make clear that a *new* extension is required for this combination.