The Internet Engineering Task Force (IETF) published RFC 8773 in March 2020, specifying a TLS 1.3 extension, tls_cert_with_extern_psk, that allows a server to authenticate using a combination of a certificate and an external pre-shared key (PSK). In baseline TLS 1.3 (RFC 8446) these two are mutually exclusive: once the server selects a PSK it does not send Certificate or CertificateVerify, so a PSK handshake carries no certificate-based authentication at all. RFC 8773 lifts that restriction for external (out-of-band provisioned) PSKs; it does not apply to resumption PSKs. Authored by Russ Housley of Vigil Security, the document was published as an Experimental RFC following IETF community consensus and Internet Engineering Steering Group (IESG) approval.
RFC 8773 was motivated by the quantum computing threat to public key cryptography. As the document states, the development of a large-scale quantum computer would pose a serious challenge to the digital signature algorithms used to authenticate servers in the TLS 1.3 handshake, and equally to the (EC)DHE key exchange on which the session keys depend. By incorporating an external PSK into the key schedule alongside certificate-based authentication, the extension adds a second secret to the key derivation: an adversary who records a handshake today and later breaks the (EC)DHE exchange with a quantum computer still cannot recover the session keys without also knowing the PSK. The certificate continues to provide the authentication that the peer validates; the PSK's contribution is to the secrecy of the derived keys.
Under RFC 8773, the external PSK is fed into the key schedule as the input keying material of the Early Secret computation (where baseline TLS 1.3 would use a string of zeros when no PSK is in play), supplementing rather than replacing certificate-based authentication. The client still performs an (EC)DHE exchange, since the extension is used with the psk_dhe_ke key exchange mode, so both the PSK and the ephemeral shared secret contribute to the handshake and traffic secrets. The flip side, noted in the document's security considerations, is that compromise of the external PSK leaves the session's secrecy resting on (EC)DHE alone, which is exactly what a future quantum computer is assumed to break; the PSK therefore needs to be generated with adequate entropy and distributed and stored with the same care as any long-term key. The specification was published as an Experimental RFC rather than a Standards Track document to allow interoperable implementations to be built and to gather deployment experience before any move toward standardization.
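To make the key-schedule point concrete, the following Python walks the TLS 1.3 key schedule from RFC 8446 Section 7.1 (HKDF-Extract into the Early Secret, Derive-Secret "derived", HKDF-Extract with the (EC)DHE output into the Handshake Secret, then the handshake traffic secrets) once with the zero PSK that a plain certificate handshake uses and once with an external PSK as RFC 8773 arranges. It then models an attacker who has recovered the (EC)DHE shared secret but not the PSK. This is an added illustration written for this page, not code from RFC 8773 or from any TLS implementation; the PSK, the (EC)DHE shared secret and the transcript bytes are constructed placeholders, and the key schedule is truncated after the handshake traffic secrets.

```python
import hmac
import hashlib

# RFC 8773 assumes the PSK's hash matches the cipher suite; SHA-256 here.
HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract. RFC 8446 7.1: an empty salt means Hash.length zero bytes."""
    if not salt:
        salt = bytes(HASH_LEN)
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC(PRK, T(i-1) | info | i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """RFC 8446 7.1 HKDF-Expand-Label with the HkdfLabel structure and "tls13 " prefix."""
    full_label = b"tls13 " + label
    hkdf_label = (length.to_bytes(2, "big")
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


def derive_secret(secret: bytes, label: bytes, transcript: bytes) -> bytes:
    """RFC 8446 7.1 Derive-Secret: the context is the transcript hash."""
    return hkdf_expand_label(secret, label, HASH(transcript).digest(), HASH_LEN)


def key_schedule(psk: bytes, dhe_shared_secret: bytes, transcript: bytes) -> dict:
    """TLS 1.3 key schedule up to the handshake traffic secrets.

    psk: external PSK (HASH_LEN zero bytes when no PSK is in use, per RFC 8446).
    dhe_shared_secret: (EC)DHE output; RFC 8773 keeps this via psk_dhe_ke mode.
    transcript: ClientHello..ServerHello bytes.
    """
    early_secret = hkdf_extract(b"", psk)
    # With an external PSK the ClientHello binder is keyed from "ext binder".
    binder_key = derive_secret(early_secret, b"ext binder", b"")
    derived = derive_secret(early_secret, b"derived", b"")
    handshake_secret = hkdf_extract(derived, dhe_shared_secret)
    return {
        "early_secret": early_secret,
        "binder_key": binder_key,
        "handshake_secret": handshake_secret,
        "client_hs_traffic": derive_secret(handshake_secret, b"c hs traffic", transcript),
        "server_hs_traffic": derive_secret(handshake_secret, b"s hs traffic", transcript),
    }


# Constructed sample inputs for illustration only (not values from any RFC).
EXTERNAL_PSK = hashlib.sha256(b"example external PSK provisioned out of band").digest()
DHE_SHARED = hashlib.sha256(b"example (EC)DHE shared secret").digest()
TRANSCRIPT = b"ClientHello...ServerHello (constructed placeholder transcript)"
ZERO_PSK = bytes(HASH_LEN)


def harvest_now_decrypt_later() -> dict:
    """Model an attacker who later recovers DHE_SHARED (e.g. with a quantum computer)
    but never learns EXTERNAL_PSK, so the best it can do is the zero PSK.

    Without RFC 8773 (zero PSK) the attacker rebuilds the peers' exact traffic
    secrets; with the external PSK mixed into the Early Secret it does not.
    """
    peers_without_psk = key_schedule(ZERO_PSK, DHE_SHARED, TRANSCRIPT)
    peers_with_psk = key_schedule(EXTERNAL_PSK, DHE_SHARED, TRANSCRIPT)
    attacker = key_schedule(ZERO_PSK, DHE_SHARED, TRANSCRIPT)
    return {
        "attacker_matches_without_psk":
            attacker["server_hs_traffic"] == peers_without_psk["server_hs_traffic"],
        "attacker_matches_with_psk":
            attacker["server_hs_traffic"] == peers_with_psk["server_hs_traffic"],
    }


if __name__ == "__main__":
    for name, matched in harvest_now_decrypt_later().items():
        print(f"{name}: {matched}")
```

The Early Secret for the all-zero PSK reproduces the RFC 8448 handshake trace value (33ad0a1c...f170f92a), which is a convenient sanity check for the HKDF plumbing; the final two booleans show that the only difference between a decryptable and an undecryptable recorded session, once (EC)DHE is broken, is whether the external PSK was mixed in at the top of the schedule.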