Last Call Review of draft-ietf-tokbind-protocol-16
review-ietf-tokbind-protocol-16-opsdir-lc-kuarsingh-2017-11-27-00

Request Review of draft-ietf-tokbind-protocol
Requested rev. no specific revision (document currently at 19)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2017-11-27
Requested 2017-11-13
Authors Andrey Popov, Magnus Nystrom, Dirk Balfanz, Adam Langley, Jeff Hodges
Draft last updated 2017-11-27
Completed reviews Genart Last Call review of -16 by Jouni Korhonen (diff)
Secdir Last Call review of -16 by Yoav Nir (diff)
Opsdir Last Call review of -16 by Victor Kuarsingh (diff)
Artart Telechat review of -17 by Matthew Miller (diff)
Assignment Reviewer Victor Kuarsingh
State Completed
Review review-ietf-tokbind-protocol-16-opsdir-lc-kuarsingh-2017-11-27
Reviewed rev. 16 (document currently at 19)
Review result Ready
Review completed: 2017-11-27

Review

Dear Authors,

<< NOTE: Resending for ops-dir list as I made a typo in the draft title
in the last email, please ignore, but I need this mail archive to
complete the review correctly >>

I have reviewed this document as part of the Operational directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written with the intent of improving the
operational aspects of the IETF drafts. Comments that are not
addressed in last call may be included in AD reviews during the IESG
review.  Document editors and WG chairs should treat these comments
just like any other last call comments.

Document Reviewed - The Token Binding Protocol Version 1.0

Link to Document - https://tools.ietf.org/html/draft-ietf-tokbind-protocol-16

Summary:

This document specifies an initial version of a Token
Binding Protocol (version 1.0).  The basic objective of the protocol
is to allow applications to create and utilize long-lived TLS bindings
across multiple sessions/connections.  The goal is to provide added
security to client/server communications.

General Comments and Feedback:


The document is well written and describes the protocol well.  During
the review of the document, I did not find specific gaps or issues as
part of an ops-focused review.  Key operational considerations are
well captured and described in section 7 (security considerations
section).


Based on my review, I have no material points to add and note the
document appears ready for publication - notwithstanding any other
area reviews which may find issues to be addressed.


In-line text review follows

Text Review


<< Abstract >>
- ok

<< Introduction >>

< P1 >

Suggest replacing "Often, servers generate various security
tokens...." with "Servers often generate various security tokens..."

<< Token Binding Protocol Overview >>

- ok

<< Token Binding Protocol Message >>


- ok


<< TokenBinding.tokenbinding_type >>

- ok

<< TokenBinding.tokenbindingid >>

- ok

<< TokenBinding.signature >>

- ok

<< TokenBinding.extensions >>

- ok

<< Establishing a Token Binding >>


<< Client Processing Rules >>

- ok

<< Server Processing Rules >>

- ok

<< Bound Security Token Creation and Validation >>

- ok

<< IANA Considerations >>

- ok

<< Token Binding Key Parameters Registry >>

- ok

<< Token Binding Types Registry >>

- ok

<< Token Binding Extensions Registry >>

- ok

<< Registration of Token Binding TLS Exporter Label >>

- ok

<< Security Considerations >>

- ok

<< Security Token Replay >>

- ok

<< Downgrade Attacks >>

- ok

<< Privacy Considerations >>

- ok

<< Token Binding Key Sharing Between Applications >>

- ok

<< Triple Handshake Vulnerability in TLS 1.2 and Older TLS Versions >>

- ok