The following errata report has been verified for RFC8446, "The Transport Layer Security (TLS) Protocol Version 1.3".
-------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid8908 -------------------------------------- Status: Verified Type: Technical Reported by: Loïc Ferreira <[email protected]> Date Reported: 2026-03-03 Verified by: Deb Cooley (IESG) Section: 2.2 Original Text ------------- Client Server Initial Handshake: ClientHello + key_share --------> ServerHello + key_share {EncryptedExtensions} {CertificateRequest*} {Certificate*} {CertificateVerify*} {Finished} <-------- [Application Data*] {Certificate*} {CertificateVerify*} {Finished} --------> <-------- [NewSessionTicket] [Application Data] <-------> [Application Data] Corrected Text -------------- Client Server Initial Handshake: ClientHello + key_share + psk_key_exchange_modes --------> ServerHello + key_share {EncryptedExtensions} {CertificateRequest*} {Certificate*} {CertificateVerify*} {Finished} <-------- [Application Data*] {Certificate*} {CertificateVerify*} {Finished} --------> <-------- [NewSessionTicket] [Application Data] <-------> [Application Data] Notes ----- According to Errata ID 7003, Section 4.6.1 should say: "At any time after the server has received both a "psk_key_exchange_modes" extension and a Finished message, it MAY send a NewSessionTicket message." Fixed in 8446bis here: https://github.com/tlswg/tls13-spec/pull/1345 -------------------------------------- RFC8446 (draft-ietf-tls-tls13-28) -------------------------------------- Title : The Transport Layer Security (TLS) Protocol Version 1.3 Publication Date : August 2018 Author(s) : E. Rescorla Category : PROPOSED STANDARD Source : Transport Layer Security Stream : IETF Verifying Party : IESG _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
