[Gen-art] Gen-ART Last Call review of draft-ietf-tokbind-negotiation-10

Paul Kyzivat <pkyzivat@alum.mit.edu> Sun, 26 November 2017 20:05 UTC

From: Paul Kyzivat <pkyzivat@alum.mit.edu>
To: draft-ietf-tokbind-negotiation.all@ietf.org
Cc: General Area Review Team <gen-art@ietf.org>
Message-ID: <c863ce3f-149b-8d97-592b-6ce6dbc62660@alum.mit.edu>
Date: Sun, 26 Nov 2017 15:05:39 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/Ye9PBD6aaUU5CHg8wt19Kc989xA>

I am the assigned Gen-ART reviewer for this draft. The General Area 
Review Team (Gen-ART) reviews all IETF documents being processed by the 
IESG for the IETF Chair. Please wait for direction from your document 
shepherd or AD before posting a new version of the draft. For more 
information, please see the FAQ at 
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Document: draft-ietf-tokbind-negotiation-10
Reviewer: Paul Kyzivat
Review Date: 2017-11-26
IETF LC End Date: 2017-11-27
IESG Telechat date: TBD

Summary:

This draft is on the right track but has open issues, described in the 
review.

Issues:

Major: 0
Minor: 1
Nits:  1

(1) MINOR:

Section 2 states the following requirement:

    ... it SHOULD
    indicate the latest (highest valued) version in
    TokenBindingParameters.token_binding_version.

But this doesn't state the precise meaning of "highest valued version". 
For example, if the supplied version is 3.5, what does it say about 
other versions supported? Presumably it covers 3.0...3.5. But what about 
lower major versions? I guess it must mean that 1.0...1.x and 2.0...2.y 
are also supported for some value of x and y. But *what* values of x and 
y? All that were ever defined? And what are the rules about versions 0.n?

This use of versioning implies that a particular discipline be followed 
for defining new major/minor version numbers, and for implementors. But 
no such discipline is described.

Additional text is needed to nail all of this down.

(2) NIT:

The Introduction says:

    The negotiation of the Token Binding protocol and key
    parameters in combination with TLS 1.3 and later versions is beyond
    the scope of this document.

while item (3) of section 3 says:

        This requirement only applies when TLS 1.2 or an older TLS
        version is used (see security considerations section below for
        more details).

Taken together, these seem odd - the requirement only applies to the 
entire scope of the document!

Please consider if these are saying what you mean, and tweak the wording.
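To make the ambiguity in the MINOR issue concrete, here is an added example (not text from the draft or from the reviewer) that models `token_binding_version` as a major/minor pair and runs the same client/server situation through two possible readings of "highest valued version": a TLS-style reading where the advertised version implies every lower version down to a client floor, and a reading where only an explicitly listed set is supported. The version encoding, the `negotiate_range` / `negotiate_explicit` rules and the sample version sets are assumptions made for illustration, not the draft's normative behaviour.

```python
"""Two readings of "indicate the latest (highest valued) version".

Added illustration; the TokenBindingParameters wire format, the negotiation
rules and the version sets below are assumptions, not the draft's text.
"""
from typing import Iterable, NamedTuple, Optional


class Version(NamedTuple):
    """major/minor pair; tuple ordering gives numeric comparison for free."""
    major: int
    minor: int

    @classmethod
    def parse(cls, text: str) -> "Version":
        major, minor = text.split(".")
        return cls(int(major), int(minor))

    def __str__(self) -> str:
        return f"{self.major}.{self.minor}"


def highest(versions: Iterable[Version]) -> Version:
    """Numeric maximum. Note the pitfall with strings: max(["3.5", "10.0"])
    is "3.5" because comparison is lexical, whereas Version(10, 0) > Version(3, 5)."""
    return max(versions)


def negotiate_range(client_max: Version,
                    server_supported: Iterable[Version],
                    client_min: Version) -> Optional[Version]:
    """Reading A (assumed, TLS-style): the client advertises only its highest
    version and is taken to accept every version down to client_min.  The
    server picks the highest version it supports that is <= client_max; the
    client then rejects anything below its floor."""
    candidates = [v for v in server_supported if v <= client_max]
    if not candidates:
        return None
    chosen = max(candidates)
    return chosen if chosen >= client_min else None


def negotiate_explicit(client_supported: Iterable[Version],
                       server_supported: Iterable[Version]) -> Optional[Version]:
    """Reading B (assumed): the client's supported set is exactly what it
    lists; a single advertised value implies nothing about lower majors."""
    common = set(client_supported) & set(server_supported)
    return max(common) if common else None


def compare_readings() -> dict:
    """The reviewer's scenario: client advertises 3.5, server only knows 2.x.
    Constructed sample data; the two readings give different outcomes."""
    client_max = Version.parse("3.5")
    client_floor = Version.parse("2.0")
    client_explicit = [Version(3, m) for m in range(0, 6)]   # 3.0 ... 3.5 only
    server_supported = [Version.parse(v) for v in ("1.0", "1.1", "2.3")]

    return {
        "range_reading": negotiate_range(client_max, server_supported, client_floor),
        "explicit_reading": negotiate_explicit(client_explicit, server_supported),
    }


if __name__ == "__main__":
    for reading, result in compare_readings().items():
        print(f"{reading}: {result if result is None else str(result)}")
```

Under the range reading the parties settle on 2.3; under the explicit reading the same messages produce a failed negotiation. Which outcome is correct depends on exactly the rule the review says the draft does not state, and the `highest` helper also shows why implementations must compare `(major, minor)` numerically rather than as dotted strings.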