Secdir last call review of draft-ietf-tokbind-protocol-16

Reviewer: Yoav Nir
Review result: Ready

The document seems ready with two minor editorial nits:

1. The first sentence is as follows:
  Often, servers generate various security tokens (e.g. HTTP cookies, OAuth
  [RFC6749] tokens)
  If you reference the OAuth RFC, you should also reference the HTTP cookie
  RFC (RFC 6265).

2. The term "bound token" appears in section 2 without any definition. Perhaps
add something like "An application token contained in a token binding message
is called a bound token".

Other than that, the document is well written and the security issues are dealt
with well in sections 4 and 5 as well as the security considerations section
(7).



