Last Call Review of draft-ietf-tokbind-negotiation-10

Request Review of draft-ietf-tokbind-negotiation
Requested revision No specific revision (document currently at 14)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2017-11-27
Requested 2017-11-13
Authors Andrei Popov , Magnus Nystrom , Dirk Balfanz , Adam Langley
I-D last updated 2017-11-26
Completed reviews Genart Last Call review of -10 by Paul Kyzivat
Secdir Last Call review of -10 by Hilarie Orman
Opsdir Last Call review of -10 by Will (Shucheng) LIU
Artart Telechat review of -12 by Matthew A. Miller
Genart Telechat review of -12 by Paul Kyzivat
Assignment Reviewer Paul Kyzivat
State Completed Snapshot
Review review-ietf-tokbind-negotiation-10-genart-lc-kyzivat-2017-11-26
Reviewed revision 10 (document currently at 14)
Result Ready w/issues
Completed 2017-11-26
I am the assigned Gen-ART reviewer for this draft. The General Area 
Review Team (Gen-ART) reviews all IETF documents being processed by the 
IESG for the IETF Chair. Please wait for direction from your document 
shepherd or AD before posting a new version of the draft. For more 
information, please see the FAQ at 

Document: draft-ietf-tokbind-negotiation-10
Reviewer: Paul Kyzivat
Review Date: 2017-11-26
IETF LC End Date: 2017-11-27
IESG Telechat date: TBD


This draft is on the right track but has open issues, described in the 


Major: 0
Minor: 1
Nits: 1

(1) MINOR:

Section 2 states the following requirement:

    ... it SHOULD
    indicate the latest (highest valued) version in

But this doesn't state the precise meaning of "highest valued version". 
For example, if the supplied version is 3.5, what does it say about 
other versions supported? Presumably it covers 3.0...3.5. But what about 
lower major versions? I guess it must mean that 1.0...1.x and 2.0...2.y 
are also supported for some value of x and y. But *what* values of x and 
y? All that were ever defined? And what are the rules about versions 0.n?

This use of versioning implies that a particular discipline be followed 
for defining new major/minor version numbers, and for implementors. But 
no such discipline is described.

Additional text is needed to nail all of this down.

(2) NIT:

The Introduction says:

    The negotiation of the Token Binding protocol and key
    parameters in combination with TLS 1.3 and later versions is beyond
    the scope of this document.

while item (3) of section 3 says:

        This requirement only applies when TLS 1.2 or an older TLS
        version is used (see security considerations section below for
        more details).

Taken together, these seem odd - the requirement only applies to the 
entire scope of the document!

Please consider if these are saying what you mean, and tweak the wording.