The following errata report has been verified for RFC8446, "The Transport Layer Security (TLS) Protocol Version 1.3".
-------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid8803 -------------------------------------- Status: Verified Type: Technical Reported by: Loïc Ferreira <[email protected]> Date Reported: 2026-03-04 Verified by: Deb Cooley (IESG) Section: E.1 Original Text ------------- The PSK binder value forms a binding between a PSK and the current handshake, as well as between the session where the PSK was established and the current session. This binding transitively includes the original handshake transcript, because that transcript is digested into the values which produce the resumption master secret. Corrected Text -------------- The PSK binder value forms a binding between a PSK and the current handshake, as well as between the session where the PSK was established (if established via a NewSessionTicket message) and the current session. This binding transitively includes the original handshake transcript, because that transcript is digested into the values which produce the resumption master secret. Notes ----- The last sentence is not correct since it does not hold for an external PSK (computed independently from the resumption master secret). NB: section 4.2.11.2 adds this precision: "The PSK binder value forms a binding between a PSK and the current handshake, as well as a binding between the handshake in which the PSK was generated (if via a NewSessionTicket message) and the current handshake." Fixed in 8446bis here: https://github.com/tlswg/tls13-spec/pull/1423 -------------------------------------- RFC8446 (draft-ietf-tls-tls13-28) -------------------------------------- Title : The Transport Layer Security (TLS) Protocol Version 1.3 Publication Date : August 2018 Author(s) : E. Rescorla Category : PROPOSED STANDARD Source : Transport Layer Security Stream : IETF Verifying Party : IESG _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
