Found 2 records.

Status: Verified (2)

RFC 8773, "TLS 1.3 Extension for Certificate-Based Authentication with an External Pre-Shared Key", March 2020

Errata ID: 8888
Status: Verified
Type: Technical
Publication Format(s) : TEXT, PDF, HTML
Reported By: Muhammad Usama Sardar
Date Reported: 2026-04-24
Verifier Name: Deb Cooley
Date Verified: 2026-05-07

Section 7 says:

Early Secret = HKDF-Extract(External PSK, 0)

It should say:

Early Secret = HKDF-Extract(0, External PSK)

Notes:

As discussed in https://mailarchive.ietf.org/arch/msg/tls/6Wk82oBGd61rTK23DgfYb7BmRKM/ and https://github.com/tlswg/rfc8773bis/pull/2

Errata ID: 7598
Status: Verified
Type: Editorial
Publication Format(s) : TEXT, PDF, HTML
Reported By: Russ Housley
Date Reported: 2023-08-11
Verifier Name: RFC Editor
Date Verified: 2024-04-09

Section 5.1 says:

When the "psk_key_exchange_modes" extension is included in the
ServerHello message, servers MUST select the psk_dhe_ke mode
for the initial handshake.

It should say:

When the "psk_key_exchange_modes" extension is included in the
ClientHello message, servers MUST select the psk_dhe_ke mode
for the initial handshake.

Notes:

According to RFC 8446, the "psk_key_exchange_modes" extension only appears in the ClientHello message. Further, the slides presented on this topic at IETF 101show the "psk_key_exchange_modes" extension in the ClientHello message and no other place. It is pretty clear that this is an editorial error.

Report New Errata