Re: [Gen-art] Gen-ART Last Call review of draft-ietf-tokbind-negotiation-10

Paul Kyzivat <pkyzivat@alum.mit.edu> Sun, 26 November 2017 21:49 UTC

To: Andrei Popov <Andrei.Popov@microsoft.com>, "draft-ietf-tokbind-negotiation.all@ietf.org" <draft-ietf-tokbind-negotiation.all@ietf.org>
Cc: General Area Review Team <gen-art@ietf.org>
References: <c863ce3f-149b-8d97-592b-6ce6dbc62660@alum.mit.edu> <MWHPR21MB01897C017B48452218F353F88C240@MWHPR21MB0189.namprd21.prod.outlook.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <c604191d-0fa2-3865-4922-4202c3d36bc8@alum.mit.edu>
Date: Sun, 26 Nov 2017 16:49:26 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <MWHPR21MB01897C017B48452218F353F88C240@MWHPR21MB0189.namprd21.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/pcfXznGJtHx6QYPa34RXZcAQRII>
Subject: Re: [Gen-art] Gen-ART Last Call review of draft-ietf-tokbind-negotiation-10
Precedence: list

Andrei,

On 11/26/17 3:41 PM, Andrei Popov wrote:
> Thanks for the review, Paul.
> 
>> For example, if the supplied version is 3.5, what does it say about other versions supported?
> Similarly to TLS <= 1.2 version negotiation, this says nothing about any other protocol versions supported by the client. It only means that the server may respond with version X.Y where X<=3 and Y<=5. If the client happens to not support the version the server has chosen, the client will not use Token Binding on this connection.
> Will expand this section to make things more clear in the next revision (after collecting more comments).

ISTM that for the client to simply indicate a single "max" version and 
for the server to then choose any lesser version that it supports 
implies that if you support 3.x then you must be able to support *any* 
2.n or 1.n version. Otherwise it isn't much of a negotiation.

This isn't a problem if the policy is that anything added in a minor 
version update can be ignored if not understood. In that case if you 
support N.0 then you also can work with any N.M.

If that isn't the case, then it can still work if there is a policy that 
once a new major version is defined all the prior versions are frozen so 
that no new minor versions of them can be defined.

>> Please consider if these are saying what you mean, and tweak the wording.
> This language is intended to make it clear that EMS is only required when using TLS <= 1.2. I would prefer to keep this language, perhaps removing the word "only".

But this document doesn't apply to any version of TLS > 1.2, so that 
point is moot. What am I missing?

	Thanks,
	Paul

> Cheers,
> 
> Andrei
> 
> -----Original Message-----
> From: Paul Kyzivat [mailto:pkyzivat@alum.mit.edu]
> Sent: Sunday, November 26, 2017 12:06 PM
> To: draft-ietf-tokbind-negotiation.all@ietf.org
> Cc: General Area Review Team <gen-art@ietf.org>
> Subject: Gen-ART Last Call review of draft-ietf-tokbind-negotiation-10
> 
> I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please wait for direction from your document shepherd or AD before posting a new version of the draft. For more information, please see the FAQ at <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.tools.ietf.org%2Farea%2Fgen%2Ftrac%2Fwiki%2FGenArtfaq&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C0f4698b009614092b71608d53509151a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636473235488200134&sdata=c0ASLsM1Y0evZrebBavBk%2FQDG5rVZUPxw57GpmAzih0%3D&reserved=0>.
> 
> Document: draft-ietf-tokbind-negotiation-10
> Reviewer: Paul Kyzivat
> Review Date: 2017-11-26
> IETF LC End Date: 2017-11-27
> IESG Telechat date: TBD
> 
> Summary:
> 
> This draft is on the right track but has open issues, described in the review.
> 
> Issues:
> 
> Major: 0
> Minor: 1
> Nits:  1
> 
> (1) MINOR:
> 
> Section 2 states the following requirement:
> 
>      ... it SHOULD
>      indicate the latest (highest valued) version in
>      TokenBindingParameters.token_binding_version.
> 
> But this doesn't state the precise meaning of "highest valued version".
> For example, if the supplied version is 3.5, what does it say about other versions supported? Presumably it covers 3.0...3.5. But what about lower major versions? I guess it must mean that 1.0...1.x and 2.0...2.y are also supported for some value of x and y. But *what* values of x and y? All that were ever defined? And what are the rules about versions 0.n?
> 
> This use of versioning implies that a particular discipline be followed for defining new major/minor version numbers, and for implementors. But no such discipline is described.
> 
> Additional text is needed to nail all of this down.
> 
> (2) NIT:
> 
> The Introduction says:
> 
>      The negotiation of the Token Binding protocol and key
>      parameters in combination with TLS 1.3 and later versions is beyond
>      the scope of this document.
> 
> while item (3) of section 3 says:
> 
>          This requirement only applies when TLS 1.2 or an older TLS
>          version is used (see security considerations section below for
>          more details).
> 
> Taken together these seem odd - the requirement only applies to the entire scope of the document!
> 
> Please consider if these are saying what you mean, and tweak the wording.
>

[Gen-art] Gen-ART Last Call review of draft-ietf-… Paul Kyzivat
Re: [Gen-art] Gen-ART Last Call review of draft-i… Andrei Popov
Re: [Gen-art] Gen-ART Last Call review of draft-i… Paul Kyzivat
Re: [Gen-art] Gen-ART Last Call review of draft-i… Andrei Popov
Re: [Gen-art] Gen-ART Last Call review of draft-i… Paul Kyzivat