The following errata report has been submitted for RFC8446, "The Transport Layer Security (TLS) Protocol Version 1.3".
-------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid6401 -------------------------------------- Type: Technical Reported by: Eric Covener <[email protected]> Section: 4.6.2 Original Text ------------- When the client has sent the "post_handshake_auth" extension (see Section 4.2.6), a server MAY request client authentication at any time after the handshake has completed by sending a CertificateRequest message. Corrected Text -------------- When the client has sent the "post_handshake_auth" extension (see Section 4.2.6), a server MAY request client authentication during the main handshake and/or at any time after the handshake has completed by sending a CertificateRequest message. Notes ----- 4.6.2 is ambiguous as to whether it forbids "main handshake" (mid-handshake) client authentication when the client has sent the "post_handshake_auth" extension. I think the language would be stronger if it were really forbidden, and openssl s_server permits this behavior and rfc8740 implies it as well. The "main handshake" language is adopted from 4.3.2 but "main" could be dropped as "handshake" is not ambiguous in 1.3 due to no renegotiation. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary. -------------------------------------- RFC8446 (draft-ietf-tls-tls13-28) -------------------------------------- Title : The Transport Layer Security (TLS) Protocol Version 1.3 Publication Date : August 2018 Author(s) : E. Rescorla Category : PROPOSED STANDARD Source : Transport Layer Security Area : Security Stream : IETF Verifying Party : IESG _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
