Artart telechat review of draft-ietf-tokbind-negotiation-12

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Reviewer: Matthew Miller
Review result: Ready with Issues

IETF LC End Date: N/A
IESG Telechat date: 2018-05-10

Summary:  Ready with a potential issue.


Major issues:  N/A

Minor issues:

In reading the client's processing of the server's "token_binding"
extension, there seems to be the potential for falling through the
cracks with regards to version:

* client MUST terminate the TLS handshake if the server's
  TB_version is greater than the client's highest supported
* client (MUST? SHOULD? MAY?) continue the TLS handshake **without
  Token Binding** if the server's TB_version is not one the client
  is willing to use (e.g., lower than the client's minimum
  acceptable version)
  
As written, it seems that a client that requires token binding has
to finish TLS negotiation, then reject further interactions at
the application level, but it's not clear this is the expected or
best approach.  I think it's worth adding at least some language
about this scenario.

Nits/editorial comments:  N/A





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux