Re: New version of draft-altman-tls-channel-bindings
Nicolas Williams <Nicolas.Williams@xxxxxxx> writes:
> I've just posted draft-altman-tls-channel-bindings-04. This version
> re-submits the existing three TLS channel bindings types following
> Larry's note to the IESG transferring "ownership" of his channel binding
> types (Jeff will do so soon for his as well, I think).
>
> References were added, applicability text (based, in part, on
> discussions in this WG) and security considerations text was added, as
> well as minor clarifications.
>
> Please review. Thanks,

The registration sections 3-5 look fine to me.

I have two mild concerns on section 6 and 7:

Section 6 mandates rather general restrictions on application protocol
specifications that appear to apply beyond the channel binding types
defined in the document. Is this the document to do that? It appears
as if the text is written to apply to draft-josefsson-sasl-tls-cb too.

Section 7 suggests implementation requirements on TLS implementations.
GnuTLS has APIs that allow applications to implement tls-unique and
tls-server-end-point, but these interfaces would not follow the MUST in
section 7, at least the way I read them. I'd prefer to leave API design
to implementers, and hence remove the RFC 2119 keywords from this
section, and have the section provide guidance rather than norms.

Thanks,
/Simon