[Unbearable] Opsdir last call review of draft-ietf-tokbind-negotiation-10

Will LIU <liushucheng@huawei.com> Mon, 04 December 2017 13:19 UTC

Return-Path: <liushucheng@huawei.com>
X-Original-To: unbearable@ietf.org
Delivered-To: unbearable@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E503B127275; Mon, 4 Dec 2017 05:19:14 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Will LIU <liushucheng@huawei.com>
To: ops-dir@ietf.org
Cc: unbearable@ietf.org, draft-ietf-tokbind-negotiation.all@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.66.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151239355490.6314.4963597716182552461@ietfa.amsl.com>
Date: Mon, 04 Dec 2017 05:19:14 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/-l-Ca2IhDjHvCsRrf47qJh8pLgw>
Subject: [Unbearable] Opsdir last call review of draft-ietf-tokbind-negotiation-10
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Dec 2017 13:19:15 -0000

Reviewer: Will LIU
Review result: Ready

I have reviewed draft-ietf-tokbind-negotiation-10 as part of the Operational
directorate's ongoing effort to review all IETF documents being processed by
the IESG.  These comments were written with the intent of improving the
operational aspects of the IETF drafts. Comments that are not addressed in last
call may be included in AD reviews during the IESG review.  Document editors
and WG chairs should treat these comments just like any other last call

“ This document specifies a Transport Layer Security (TLS) extension for the
negotiation of Token Binding protocol version and key

My overall view of the document is 'Ready with Nits' for publication.

Section 3
>   "token_binding_version" contains the lower of:
>  o  the Token Binding protocol version offered by the client in the
>      "token_binding" extension and
>   o  the highest version supported by the server.

"The highest version" means  the highest *Token Binding protocol* version? If
yes, please indicate directly to eliminate confusion.

Section 8
>   [I-D.ietf-tokbind-protocol]
>             Popov, A., Nystrom, M., Balfanz, D., Langley, A., and J.
>             Hodges, "The Token Binding Protocol Version 1.0", draft-
>             ietf-tokbind-protocol-15 (work in progress), July 2017.

A later version (-16) should be put here.