[Unbearable] I-D Action: draft-ietf-tokbind-https-12.txt

internet-drafts@ietf.org Mon, 08 January 2018 05:18 UTC

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Token Binding WG of the IETF.

        Title           : Token Binding over HTTP
        Authors         : Andrei Popov
                          Magnus Nyström
                          Dirk Balfanz
                          Adam Langley
                          Nick Harper
                          Jeff Hodges
        Filename        : draft-ietf-tokbind-https-12.txt
        Pages           : 24
        Date            : 2018-01-07

   This document describes a collection of mechanisms that allow HTTP
   servers to cryptographically bind security tokens (such as cookies
   and OAuth tokens) to TLS connections.

   We describe both first-party and federated scenarios.  In a first-
   party scenario, an HTTP server is able to cryptographically bind the
   security tokens it issues to a client, and which the client
   subsequently returns to the server, to the TLS connection between the
   client and server.  Such bound security tokens are protected from
   misuse since the server can generally detect if they are replayed
   inappropriately, e.g., over other TLS connections.

   Federated token bindings, on the other hand, allow servers to
   cryptographically bind security tokens to a TLS connection that the
   client has with a different server than the one issuing the token.

   This Internet-Draft is a companion document to The Token Binding

The IETF datatracker status page for this draft is:

There are also htmlized versions available at:

A diff from the previous version is available at:

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at: