Security review of Transport Layer Security (TLS) Extension for Token Binding Protocol Negotiation draft-ietf-tokbind-negotiation-10 Do not be alarmed. I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. From the abstract "This document specifies a Transport Layer Security (TLS) extension for the negotiation of Token Binding protocol version and key parameters." Token binding assures that the necessary authentication information for a TLS channel is bound solely to that one channel. As a preliminary to that binding, the two participants must agree on a protocol version for establishing a token and the key parameters. The TLS extension for this negotiation in the HELLO messages is the subject of the document under review. The extension seems to me to be necessary, sufficient, secure, and Ready. Hilarie