RFC Errata
RFC 8773, "TLS 1.3 Extension for Certificate-Based Authentication with an External Pre-Shared Key", March 2020
Source of RFC: tls (sec)See Also: RFC 8773 w/ inline errata
Errata ID: 7598
Status: Verified
Type: Editorial
Publication Format(s) : TEXT, PDF, HTML
Reported By: Russ Housley
Date Reported: 2023-08-11
Verifier Name: RFC Editor
Date Verified: 2024-04-09
Section 5.1 says:
When the "psk_key_exchange_modes" extension is included in the ServerHello message, servers MUST select the psk_dhe_ke mode for the initial handshake.
It should say:
When the "psk_key_exchange_modes" extension is included in the ClientHello message, servers MUST select the psk_dhe_ke mode for the initial handshake.
Notes:
According to RFC 8446, the "psk_key_exchange_modes" extension only appears in the ClientHello message. Further, the slides presented on this topic at IETF 101show the "psk_key_exchange_modes" extension in the ClientHello message and no other place. It is pretty clear that this is an editorial error.