[secdir] [new-work] WG Review: Token Binding (tokbind)

The IESG <iesg@ietf.org> Fri, 20 February 2015 18:40 UTC

From: The IESG <iesg@ietf.org>
To: new-work@ietf.org
Reply-To: iesg@ietf.org
Date: Fri, 20 Feb 2015 10:40:41 -0800
Message-ID: <20150220184041.25156.74580.idtracker@ietfa.amsl.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/new-work/FXpLOfSfsRcZ3NOJJ77lQ__SdYU>
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/dgo1C3zfFMfc1YeCUgU5UfQlFxY>

A new IETF working group has been proposed in the Security Area. The IESG
has not made any determination yet. The following draft charter was
submitted, and is provided for informational purposes only. Please send
your comments to the IESG mailing list (iesg at ietf.org) by 2015-03-02.

Token Binding (tokbind)
Current Status: Proposed WG

Assigned Area Director:
  Stephen Farrell <stephen.farrell@cs.tcd.ie>

Mailing list
  Address: unbearable@ietf.org
  To Subscribe: https://www.ietf.org/mailman/listinfo/unbearable
  Archive: http://www.ietf.org/mail-archive/web/unbearable/


Web services generate various security tokens (e.g. HTTP cookies, OAuth
tokens, etc.) for web applications to access protected resources.
Currently these are bearer tokens, i.e. any party in possession of such
token gains access to the protected resource. Attackers export bearer
tokens from client machines or from compromised network connections,
present these bearer tokens to Web services, and impersonate
authenticated users. Token Binding enables defense against such attacks
by cryptographically binding security tokens to a secret held by the

The tasks of this working group are as follows:

1. Specify the Token Binding protocol v1.0.
2. Specify the use of the Token Binding protocol in combination with

It is a goal of this working group to enable defense against attacks that
involve unauthorized replay of security tokens. Other issues associated
with the use of security tokens are out of scope. Another goal of this
working group is to design the Token Binding protocol such that it would
be also useable with application protocols other than HTTPS. Specifying
alternative application protocols is not a primary goal.

The main design objectives for the Token Binding protocol, in no
particular order:

1. Allow applications and services to prevent unauthorized replay of
security tokens.
2. Allow strong key protection, e.g. using hardware-bound keys.
3. Support both first-party (server generates a token for later use with
this server) and federation (server generates a token for use with
another server) scenarios.
4. Preserve user privacy.
5. Make the Token Binding protocol useable in combination with a variety
of application protocols.
6. Allow the negotiation of the Token Binding protocol without additional
7. Allow the use of multiple cryptographic algorithms, so that a variety
of secure hardware modules with different cryptographic capabilities
could be used with Token Binding.
8. Propose Token Binding specification that can be implemented in Web
browsers (but is not limited to them). E.g. Web browsers require that the
same bound security token must be presentable over multiple TLS sessions
and connections.
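The mechanism the charter describes, a security token bound to a key the client holds, with a per-connection proof of possession so that an exfiltrated token cannot be replayed (design objectives 1 and 8 above), as an added Go example that is not part of the charter or of the two starting-point drafts. Everything in it is a constructed simplification: the Token Binding ID is a SHA-256 hash of a P-256 public key rather than the drafts' ID structure, the value the client signs is a random stand-in for the TLS exported keying material of each connection, the bound token is an HMAC-protected string standing in for a cookie, and nothing here follows the drafts' wire format. The hardware-bound keys of objective 2 are not modelled; the client key is an ordinary in-memory ECDSA key.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// must panics on error so the example stays focused on the protocol logic.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// randomBytes supplies the server MAC key and, per simulated connection, a constructed stand-in for TLS EKM.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}

// tokenBindingID identifies the client's key (constructed simplification: SHA-256 over the raw P-256 point).
func tokenBindingID(pub *ecdsa.PublicKey) []byte {
	raw := append(pub.X.FillBytes(make([]byte, 32)), pub.Y.FillBytes(make([]byte, 32))...)
	sum := sha256.Sum256(raw)
	return sum[:]
}

// server holds the MAC key that keeps issued tokens from being forged or re-bound to another key.
type server struct{ macKey []byte }

// issue mints a bound token (think: a session cookie): HMAC(tbid || subject) || tbid || subject.
func (s *server) issue(subject string, tbid []byte) []byte {
	body := append(append([]byte{}, tbid...), subject...)
	mac := hmac.New(sha256.New, s.macKey)
	mac.Write(body)
	return append(mac.Sum(nil), body...)
}

// tbMessage accompanies the token on every connection: the Token Binding public key and a signature over that connection's EKM.
type tbMessage struct {
	pub *ecdsa.PublicKey
	sig []byte
}

// client owns the long-lived Token Binding private key (ideally hardware-bound, objective 2).
type client struct{ key *ecdsa.PrivateKey }
func newClient() *client {
	return &client{key: must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))}
}

// bind proves possession of the key for one connection only, by signing that connection's EKM.
func (c *client) bind(ekm []byte) tbMessage {
	digest := sha256.Sum256(ekm)
	return tbMessage{pub: &c.key.PublicKey, sig: must(ecdsa.SignASN1(rand.Reader, c.key, digest[:]))}
}

// verify accepts the token only if the MAC checks, the token is bound to the presented key and the
// signature covers this connection's EKM, so an exfiltrated token or a captured signature fails elsewhere.
func (s *server) verify(token []byte, msg tbMessage, ekm []byte) error {
	if len(token) < 2*sha256.Size {
		return errors.New("malformed token")
	}
	tag, body := token[:sha256.Size], token[sha256.Size:]
	mac := hmac.New(sha256.New, s.macKey)
	mac.Write(body)
	if !hmac.Equal(tag, mac.Sum(nil)) {
		return errors.New("token MAC invalid")
	}
	if !bytes.Equal(body[:sha256.Size], tokenBindingID(msg.pub)) {
		return errors.New("token is bound to a different key")
	}
	digest := sha256.Sum256(ekm)
	if !ecdsa.VerifyASN1(msg.pub, digest[:], msg.sig) {
		return errors.New("proof of possession failed for this connection")
	}
	return nil
}

// outcome holds one verification error (nil means accepted) per presentation in runScenario.
type outcome struct{ Session1, Session2, ReplayedSig, AttackerKey error }

// runScenario issues one token to a client and presents it four ways.
func runScenario() (o outcome) {
	srv, cl := &server{macKey: randomBytes(32)}, newClient()
	token := srv.issue("alice", tokenBindingID(&cl.key.PublicKey))
	ekm1, ekm2, ekm3 := randomBytes(32), randomBytes(32), randomBytes(32) // three distinct connections
	msg1 := cl.bind(ekm1)
	o.Session1 = srv.verify(token, msg1, ekm1)                      // client on connection 1
	o.Session2 = srv.verify(token, cl.bind(ekm2), ekm2)             // same token later, fresh signature (objective 8)
	o.ReplayedSig = srv.verify(token, msg1, ekm3)                   // attacker replays token + captured msg1 on connection 3
	o.AttackerKey = srv.verify(token, newClient().bind(ekm3), ekm3) // attacker signs with a key the token is not bound to
	return o
}
```

`runScenario` returns nil for the two legitimate presentations and an error for both attacker presentations: the replayed message fails because its signature covers a different connection's EKM, and the attacker's own key fails because the token records the ID of the key it was issued to. The same token is accepted across two separate connections because what it is bound to is the key, not the TLS session.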

The working group will use the following documents as a starting point
for its work:

- draft-popov-token-binding-00;
- draft-balfanz-https-token-binding-00.

This WG will collaborate with other IETF WGs, in particular with the TLS,
HTTPbis and OAuth WGs and with the W3C webappsec WG.

  Jan 2016 - HTTPS Token Binding to IESG.
  Jan 2016 - WG document for the Token Binding Protocol v1.0.
  Jan 2016 - WG document for HTTPS Token Binding.
  Jan 2016 - Token Binding Protocol v1.0 to IESG.
