RFC 9528, "Ephemeral Diffie-Hellman Over COSE (EDHOC)", March 2024

Errata ID: 8272
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: John Mattsson
Date Reported: 2025-01-29

Section 5.4.2 says:

The Initiator SHOULD NOT persistently store PRK_out or application keys
until the Initiator has verified message_4 or a message protected with
a derived application key, such as an OSCORE message, from the Responder
and the application has authenticated the Responder. 

It should say:

The Initiator SHOULD NOT persistently store
C_I, C_R, PRK_out or application keys
until the Initiator has verified message_4 or a message protected with
a derived application key, such as an OSCORE message, from the Responder
and the application has authenticated the Responder. 

Notes:

This applies to the connection identifiers C_I, C_R equally as to the keys.

Report New Errata