Re: [Gen-art] Gen-ART Last Call review of draft-ietf-tokbind-negotiation-10

Andrei Popov <> Sun, 26 November 2017 20:41 UTC

From: Andrei Popov <>
To: Paul Kyzivat <>, "" <>
CC: General Area Review Team <>
Thread-Topic: Gen-ART Last Call review of draft-ietf-tokbind-negotiation-10
Thread-Index: AQHTZvH0w8XlUQXgoUCzQLGsjNF1Z6MnGtFQ
Date: Sun, 26 Nov 2017 20:41:23 +0000
Subject: Re: [Gen-art] Gen-ART Last Call review of draft-ietf-tokbind-negotiation-10

Thanks for the review, Paul.

> For example, if the supplied version is 3.5, what does it say about other versions supported?
Similarly to TLS <= 1.2 version negotiation, this says nothing about any other protocol versions supported by the client. It only means that the server may respond with version X.Y where X<=3 and Y<=5. If the client happens to not support the version the server has chosen, the client will not use Token Binding on this connection. 
Will expand this section to make things more clear in the next revision (after collecting more comments).

> Please consider if these are saying what you mean, and tweak the wording.
This language is intended to make it clear that EMS is only required when using TLS <= 1.2. I would prefer to keep this language, perhaps removing the word "only".



-----Original Message-----
From: Paul Kyzivat [] 
Sent: Sunday, November 26, 2017 12:06 PM
Cc: General Area Review Team <>;
Subject: Gen-ART Last Call review of draft-ietf-tokbind-negotiation-10

I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please wait for direction from your document shepherd or AD before posting a new version of the draft. For more information, please see the FAQ at <>.

Document: draft-ietf-tokbind-negotiation-10
Reviewer: Paul Kyzivat
Review Date: 2017-11-26
IETF LC End Date: 2017-11-27
IESG Telechat date: TBD


This draft is on the right track but has open issues, described in the review.


Major: 0
Minor: 1
Nits:  1

(1) MINOR:

Section 2 states the following requirement:

    ... it SHOULD
    indicate the latest (highest valued) version in

But this doesn't state the precise meaning of "highest valued version". 
For example, if the supplied version is 3.5, what does it say about other versions supported? Presumably it covers 3.0...3.5. But what about lower major versions? I guess it must mean that 1.0...1.x and 2.0...2.y are also supported for some value of x and y. But *what* values of x and y? All that were ever defined? And what are the rules about versions 0.n?

This use of versioning implies that a particular discipline be followed for defining new major/minor version numbers, and for implementors. But no such discipline is described.

Additional text is needed to nail all of this down.

(2) NIT:

The Introduction says:

    The negotiation of the Token Binding protocol and key
    parameters in combination with TLS 1.3 and later versions is beyond
    the scope of this document.

while item (3) of section 3 says:

        This requirement only applies when TLS 1.2 or an older TLS
        version is used (see security considerations section below for
        more details).

Taken together these seem odd - the requirement only applies to the entire scope of the document!

Please consider if these are saying what you mean, and tweak the wording.
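The version-negotiation behaviour Andrei describes in his reply above (client advertises only its highest version, server answers with a version no higher than that, client silently drops Token Binding if it does not implement the server's choice) is easy to get subtly wrong, and Paul's minor issue is precisely about what "no higher than" means. The model below is an added example written for this archive page, not code from the draft, the working group or either author. It models both readings of the comparison (the componentwise "X<=3 and Y<=5" reading given in the reply, and a lexicographic reading) so the two can be compared side by side; the function names, the sample version sets and the choice of Python tuples for versions are all constructed for the illustration.

```python
"""Model of Token Binding protocol-version negotiation as described in the reply.

Constructed example, not code from the draft or its authors. A version is a
(major, minor) tuple. Two candidate meanings of "server replies with a version
no higher than the client's" are modelled, because the review asks which is
intended:
  componentwise: major <= X and minor <= Y   (the reading given in the reply)
  lexicographic: major < X, or major == X and minor <= Y
"""
from typing import Callable, FrozenSet, Optional, Tuple

Version = Tuple[int, int]
Rule = Callable[[Version, Version], bool]


def componentwise(candidate: Version, advertised: Version) -> bool:
    """Candidate X'.Y' is acceptable if X' <= X and Y' <= Y (reading from the reply)."""
    return candidate[0] <= advertised[0] and candidate[1] <= advertised[1]


def lexicographic(candidate: Version, advertised: Version) -> bool:
    """Candidate is acceptable if it sorts at or below the advertised version."""
    return candidate <= advertised


def client_advertise(client_supported: FrozenSet[Version]) -> Version:
    """The client sends only its latest (highest valued) version, nothing else."""
    return max(client_supported)


def server_select(advertised: Version,
                  server_supported: FrozenSet[Version],
                  rule: Rule = componentwise) -> Optional[Version]:
    """Server picks the highest version it implements that the rule allows.

    None means the server cannot negotiate Token Binding for this client.
    """
    candidates = [v for v in server_supported if rule(v, advertised)]
    return max(candidates) if candidates else None


def client_accept(chosen: Optional[Version],
                  client_supported: FrozenSet[Version]) -> Optional[Version]:
    """Client uses Token Binding only if the server's choice is one it implements.

    This is the quiet failure mode the review points at: the server's choice
    can be "lower" than what the client advertised yet still unsupported, in
    which case the connection simply proceeds without Token Binding.
    """
    if chosen is None or chosen not in client_supported:
        return None
    return chosen


def negotiate(client_supported: FrozenSet[Version],
              server_supported: FrozenSet[Version],
              rule: Rule = componentwise) -> Optional[Version]:
    """Full exchange: advertise, select, accept. Returns the version in use or None."""
    advertised = client_advertise(client_supported)
    chosen = server_select(advertised, server_supported, rule)
    return client_accept(chosen, client_supported)


if __name__ == "__main__":
    # Constructed sample: a client that implements 1.0, 3.0 and 3.5 but skipped 3.2.
    client = frozenset({(1, 0), (3, 0), (3, 5)})
    # Server only has 3.2 and 2.0: 3.2 is "no higher" than 3.5, but the client
    # never implemented it, so Token Binding is not used at all.
    print(negotiate(client, frozenset({(2, 0), (3, 2)})))          # None
    # Overlapping version sets negotiate cleanly.
    print(negotiate(client, frozenset({(3, 0), (3, 5)})))          # (3, 5)
    # The two readings disagree on 2.9 against an advertised 3.5.
    print(server_select((3, 5), frozenset({(2, 9)}), componentwise))  # None
    print(server_select((3, 5), frozenset({(2, 9)}), lexicographic))  # (2, 9)
```

The point of modelling both comparison rules is not to decide which one the draft means; it is to show that, under the single-version advertisement, the outcome for an older-major-version server depends entirely on that definition, which is the text the review asks the authors to add.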