I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please wait for direction from your document shepherd or AD before posting a new version of the draft. For more information, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Document: draft-ietf-tokbind-negotiation-10
Reviewer: Paul Kyzivat
Review Date: 2017-11-26
IETF LC End Date: 2017-11-27
IESG Telechat date: TBD

Summary:

This draft is on the right track but has open issues, described in the review.

Issues:

Major: 0
Minor: 1
Nits: 1

(1) MINOR:

Section 2 states the following requirement:

   ... it SHOULD indicate the latest (highest valued) version in
   TokenBindingParameters.token_binding_version.

But this doesn't state the precise meaning of "highest valued version". For example, if the supplied version is 3.5, what does it say about other versions supported? Presumably it covers 3.0...3.5. But what about lower major versions? I guess it must mean that 1.0...1.x and 2.0...2.y are also supported for some value of x and y. But *what* values of x and y? All that were ever defined? And what are the rules about versions 0.n?

This use of versioning implies that a particular discipline be followed for defining new major/minor version numbers, and for implementors. But no such discipline is described.

Additional text is needed to nail all of this down.

(2) NIT:

The Introduction says:

   The negotiation of the Token Binding protocol and key parameters in
   combination with TLS 1.3 and later versions is beyond the scope of
   this document.

while item (3) of section 3 says:

   This requirement only applies when TLS 1.2 or an older TLS version
   is used (see security considerations section below for more
   details).

Taken together these seem odd - the requirement only applies to the entire scope of the document! Please consider if these are saying what you mean, and tweak the wording.