by mahemm 2626 days ago
The attack can only happen in an unusual setting (nodes using external PSKs that can act as both client and server simultaneously), meaning that this vulnerability will not have too much impact on the open internet.

The more interesting issue here is that this sort of vulnerability should/could have been found through the numerous proofs of security that were created for TLS1.3.

IMO the most interesting insights that can be found in this paper come from section 6, where they consider how the proofs missed it. It turns out that the proofs did not consider the possibility that a client and a server would simultaneously possess the same PSK, but IRL the sub-entities of a single node will do so.
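The gap the comment describes is between the proofs' model (for any given external PSK, the parties holding it as client and the parties holding it as server are disjoint) and real deployments where one node, or sub-entities of one node, hold the same PSK in both roles. The following is an added example, not from the paper, the commenter or any TLS implementation: it encodes that modelling assumption as a configuration check over a constructed deployment description, so an operator can see whether their PSK provisioning is inside the setting the proofs actually cover. The deployment layout, node names and PSK identities are all made up for illustration.

```python
from collections import defaultdict

# Constructed deployment description (hypothetical, not from the paper):
# node name -> list of (role, psk_identity) the node is configured with.
DEPLOYMENT = {
    "node-a": [("client", "psk-shared"), ("server", "psk-shared")],
    "node-b": [("client", "psk-shared"), ("server", "psk-shared")],
    "node-c": [("client", "psk-c-to-d")],
    "node-d": [("server", "psk-c-to-d")],
}


def roles_per_psk(deployment):
    """Group nodes by PSK identity and by the role in which they use it."""
    clients = defaultdict(set)
    servers = defaultdict(set)
    for node, entries in deployment.items():
        for role, psk in entries:
            if role == "client":
                clients[psk].add(node)
            elif role == "server":
                servers[psk].add(node)
            else:
                raise ValueError(f"unknown role {role!r} on {node}")
    return clients, servers


def dual_role_nodes(deployment):
    """Return {psk: sorted nodes} for every PSK some node uses in both roles.

    This is the setting the comment calls unusual and the proofs assumed
    away: one node (or its sub-entities) holding the same external PSK as
    client and as server at the same time.
    """
    clients, servers = roles_per_psk(deployment)
    findings = {}
    for psk in clients.keys() & servers.keys():
        both = clients[psk] & servers[psk]
        if both:
            findings[psk] = sorted(both)
    return findings


def satisfies_proof_model(deployment):
    """True when, for every PSK, no node holds it in both roles.

    A deployment that returns False is outside the model the TLS 1.3 PSK
    proofs analysed, so those proofs say nothing about it.
    """
    return not dual_role_nodes(deployment)


if __name__ == "__main__":
    # Expected: psk-shared is flagged for node-a and node-b; psk-c-to-d is fine.
    for psk, nodes in dual_role_nodes(DEPLOYMENT).items():
        print(f"{psk}: used as both client and server by {', '.join(nodes)}")
    print("inside proof model:", satisfies_proof_model(DEPLOYMENT))
```

The check is deliberately about provisioning rather than handshake bytes: the point of section 6, as the comment summarises it, is that the threat model excluded a key distribution pattern, so the place to look for exposure is the key distribution, not the state machine.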