Re: [Unbearable] Token Binding for (1-RTT) TLS 1.3 draft
Brian Campbell <bcampbell@pingidentity.com> Fri, 28 July 2017 20:56 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: unbearable@ietfa.amsl.com
Delivered-To: unbearable@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E05A0131473 for <unbearable@ietfa.amsl.com>; Fri, 28 Jul 2017 13:56:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GvcJeGgFuEhG for <unbearable@ietfa.amsl.com>; Fri, 28 Jul 2017 13:56:26 -0700 (PDT)
Received: from mail-pf0-x22c.google.com (mail-pf0-x22c.google.com [IPv6:2607:f8b0:400e:c00::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB96F12EC51 for <unbearable@ietf.org>; Fri, 28 Jul 2017 13:56:26 -0700 (PDT)
Received: by mail-pf0-x22c.google.com with SMTP id q85so99798882pfq.1 for <unbearable@ietf.org>; Fri, 28 Jul 2017 13:56:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=OrLY2kTD1RvCPMgBGSq3pXBHyYB2POsfMaVO9WObQHY=; b=jDvRxmA0206EWLAzvisNrSQwFhFtdi7uukO+fuAPC2KF+ESvvQ7z/s9Ri5oOZ7ZfqP sZlX7veoHOffBtuUSeQ+0Y1dqW3byTHFD8vPWihY0T/VKecZtnk+bHCocqjQmHMRUNP7 9KOsVfgB3lo7jtc1WqQndLCutfnt1/aKVpxyg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=OrLY2kTD1RvCPMgBGSq3pXBHyYB2POsfMaVO9WObQHY=; b=XU+1qHpe7ThgWbRA3Ts1eyPo745dpFoNzk3xpkW6JVcvrw+sytLCOQN8HpSyjyh0Hy ynP53UvDElKJLWBBKN/9cWX8xiaAMKoGCTFc/UORx7FdOYFi6LcUyMUbhCpu7ML+zvGU S5bMlo0bH0owd4AO0nOru1tcW94oSLTpux+UgjCaEfUxBHbaF39ukasWX3v15kTrDtYI 8ETcIEvL91DZtdOGlyODMHfDMazcurt3+QojXh5JVQR580xUbLQYZsQSDakLYK8XOTxr c/65fkzxegKwX9/C0BZQHWJ9wA3acry1EWeO39B8/kNbBOaxMAUH3xwe0UXNH2p//Ouh vtuw==
X-Gm-Message-State: AIVw113rCoPVoqlYo/E5un8hNgHaKZVceMZXp+y9CCL7hmDLIHpzriXw crwiLkngfF+bYRad/mtzm0H7xcwhDf1QTFV187r6vB4mpdt53ByVCjWDCA7BmJkJiUP2C/1fapY o3pJ4qi/em6k=
X-Received: by 10.84.212.1 with SMTP id d1mr9246017pli.17.1501275386318; Fri, 28 Jul 2017 13:56:26 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.145.87 with HTTP; Fri, 28 Jul 2017 13:55:55 -0700 (PDT)
In-Reply-To: <CACdeXiK0oMiTf+89VwAkw54VhbaVAyWNhw253JDy3QKMqHbLZA@mail.gmail.com>
References: <CACdeXiK0oMiTf+89VwAkw54VhbaVAyWNhw253JDy3QKMqHbLZA@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 28 Jul 2017 14:55:55 -0600
Message-ID: <CA+k3eCT1ND5XgA5bOuPfauu071+0658m69qNk53cJDF8fGwhCg@mail.gmail.com>
To: Nick Harper <nharper@google.com>
Cc: IETF Tokbind WG <unbearable@ietf.org>
Content-Type: multipart/alternative; boundary="f403045d1f5e1cb446055566eaf5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/0Fi7JXGjEkQrl8JhmTXfAnBVGYM>
Subject: Re: [Unbearable] Token Binding for (1-RTT) TLS 1.3 draft
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jul 2017 20:56:29 -0000
I was in the apparent minority in thinking that maybe it'd be better to have all the TB for TLS 1.3 stuff in one document. But, one doc or two, it seems like this needs to be defined somewhere so I support the WG considering adoption of draft-nharper-tokbind-tls13. On Fri, Jul 28, 2017 at 11:39 AM, Nick Harper <nharper@google.com> wrote: > >From the discussion in Prague of wanting to define TB for TLS 1.3 (for > 1-RTT connections) separately from draft-ietf-tokbind-tls13-0rtt, I > wrote and uploaded > https://datatracker.ietf.org/doc/draft-nharper-tokbind-tls13/ to > provide a short and simple description of how to use TB with 1-RTT TLS > 1.3. Is the working group interested in adopting this draft? > > _______________________________________________ > Unbearable mailing list > Unbearable@ietf.org > https://www.ietf.org/mailman/listinfo/unbearable > -- *CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.*
- [Unbearable] Token Binding for (1-RTT) TLS 1.3 dr… Nick Harper
- Re: [Unbearable] Token Binding for (1-RTT) TLS 1.… Brian Campbell