[OAUTH-WG] Token Binding looking for info on browser support

Phil Hunt <phil.hunt@oracle.com> Thu, 13 June 2019 20:50 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/DTo2anjyyBmekjEsmqZcm3QHaFQ>

Has anyone heard of any updates on browser support for Token Binding?

Does MS Edge still have it? Most of the information out there seems to end with Chromium's decision to back out.

I’m still a big believer in these specs as they provide clean application API separation from security. It’s a nice complement to our MTLS Token Binding approach as well.

Thanks,

Phil Hunt | Cloud Security and Identity Architect
Oracle Corporation, Oracle Cloud Infrastructure
@independentid
www.independentid.com
phil.hunt@oracle.com