Hi, Throughout the document, it is pretty clear what optionality refers to:
1. Introduction [...] - Authentication: The server side of the channel is always authenticated; the client side is optionally authenticated. and from the same Protocol Overview section, 2 pages later: - Authentication: Authenticate the server (and, optionally, the client) and provide key confirmation and handshake integrity. The "optionally authenticate each other" text appears to have been carried over from TLS 1.2 and before where anonymous key exchanges were still a thing. I don't think there is any misinterpretation possible from someone reading the whole section and I like the current conciseness. A longer, but technically more accurate version could be: [..], authenticate the server to the client, optionally authenticate the client to the server, [..] I suggest (reluctantly) accepting this ("Held for Document Update") or rejecting it. Kind regards, Peter On Fri, Apr 24, 2020 at 02:15:22AM -0700, RFC Errata System wrote: > The following errata report has been submitted for RFC8446, > "The Transport Layer Security (TLS) Protocol Version 1.3". > > -------------------------------------- > You may review the report below and at: > https://www.rfc-editor.org/errata/eid6123 > > -------------------------------------- > Type: Technical > Reported by: Ben Smyth <resea...@bensmyth.com> > > Section: 2 > > Original Text > ------------- > The handshake protocol allows peers to negotiate a protocol version, select > cryptographic algorithms, optionally authenticate each other, and establish > shared secret keying material. > > Corrected Text > -------------- > > > Notes > ----- > Only client authentication is optional (albeit, server authentication is > implicit for PSK-only key exchange mode) > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC8446 (draft-ietf-tls-tls13-28) > -------------------------------------- > Title : The Transport Layer Security (TLS) Protocol Version 1.3 > Publication Date : August 2018 > Author(s) : E. Rescorla > Category : PROPOSED STANDARD > Source : Transport Layer Security > Area : Security > Stream : IETF > Verifying Party : IESG > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls