Last Call Review of draft-ietf-tokbind-negotiation-10

Request Review of draft-ietf-tokbind-negotiation
Requested rev. no specific revision (document currently at 14)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-11-27
Requested 2017-11-13
Authors Andrei Popov, Magnus Nystrom, Dirk Balfanz, Adam Langley
Draft last updated 2017-11-27
Completed reviews Genart Last Call review of -10 by Paul Kyzivat (diff)
Secdir Last Call review of -10 by Hilarie Orman (diff)
Opsdir Last Call review of -10 by Will LIU (diff)
Artart Telechat review of -12 by Matthew Miller (diff)
Genart Telechat review of -12 by Paul Kyzivat (diff)
Assignment Reviewer Hilarie Orman 
State Completed
Review review-ietf-tokbind-negotiation-10-secdir-lc-orman-2017-11-27
Reviewed rev. 10 (document currently at 14)
Review result Ready
Review completed: 2017-11-27


Security review of
Transport Layer Security (TLS) Extension for Token Binding Protocol  Negotiation

Do not be alarmed.  I have reviewed this document as part of the
security directorate's ongoing effort to review all IETF documents
being processed by the IESG.  These comments were written primarily
for the benefit of the security area directors.  Document editors and
WG chairs should treat these comments just like any other last call

 From the abstract "This document specifies a Transport Layer Security
(TLS) extension for the negotiation of Token Binding protocol version
and key parameters."

Token binding assures that the necessary authentication information
for a TLS channel is bound solely to that one channel.  As a
preliminary to that binding, the two participants must agree on a
protocol version for establishing a token and the key parameters.  The
TLS extension for this negotiation in the HELLO messages is the
subject of the document under review.

The extension seems to me to be necessary, sufficient, secure, and Ready.