Re: [Unbearable] Token Binding for (1-RTT) TLS 1.3 draft

Brian Campbell <> Fri, 28 July 2017 20:56 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E05A0131473 for <>; Fri, 28 Jul 2017 13:56:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id GvcJeGgFuEhG for <>; Fri, 28 Jul 2017 13:56:26 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400e:c00::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id AB96F12EC51 for <>; Fri, 28 Jul 2017 13:56:26 -0700 (PDT)
Received: by with SMTP id q85so99798882pfq.1 for <>; Fri, 28 Jul 2017 13:56:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gmail; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=OrLY2kTD1RvCPMgBGSq3pXBHyYB2POsfMaVO9WObQHY=; b=jDvRxmA0206EWLAzvisNrSQwFhFtdi7uukO+fuAPC2KF+ESvvQ7z/s9Ri5oOZ7ZfqP sZlX7veoHOffBtuUSeQ+0Y1dqW3byTHFD8vPWihY0T/VKecZtnk+bHCocqjQmHMRUNP7 9KOsVfgB3lo7jtc1WqQndLCutfnt1/aKVpxyg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=OrLY2kTD1RvCPMgBGSq3pXBHyYB2POsfMaVO9WObQHY=; b=XU+1qHpe7ThgWbRA3Ts1eyPo745dpFoNzk3xpkW6JVcvrw+sytLCOQN8HpSyjyh0Hy ynP53UvDElKJLWBBKN/9cWX8xiaAMKoGCTFc/UORx7FdOYFi6LcUyMUbhCpu7ML+zvGU S5bMlo0bH0owd4AO0nOru1tcW94oSLTpux+UgjCaEfUxBHbaF39ukasWX3v15kTrDtYI 8ETcIEvL91DZtdOGlyODMHfDMazcurt3+QojXh5JVQR580xUbLQYZsQSDakLYK8XOTxr c/65fkzxegKwX9/C0BZQHWJ9wA3acry1EWeO39B8/kNbBOaxMAUH3xwe0UXNH2p//Ouh vtuw==
X-Gm-Message-State: AIVw113rCoPVoqlYo/E5un8hNgHaKZVceMZXp+y9CCL7hmDLIHpzriXw crwiLkngfF+bYRad/mtzm0H7xcwhDf1QTFV187r6vB4mpdt53ByVCjWDCA7BmJkJiUP2C/1fapY o3pJ4qi/em6k=
X-Received: by with SMTP id d1mr9246017pli.17.1501275386318; Fri, 28 Jul 2017 13:56:26 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Fri, 28 Jul 2017 13:55:55 -0700 (PDT)
In-Reply-To: <>
References: <>
From: Brian Campbell <>
Date: Fri, 28 Jul 2017 14:55:55 -0600
Message-ID: <>
To: Nick Harper <>
Cc: IETF Tokbind WG <>
Content-Type: multipart/alternative; boundary="f403045d1f5e1cb446055566eaf5"
Archived-At: <>
Subject: Re: [Unbearable] Token Binding for (1-RTT) TLS 1.3 draft
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 28 Jul 2017 20:56:29 -0000

I was in the apparent minority in thinking that maybe it'd be better to
have all the TB for TLS 1.3 stuff in one document. But, one doc or two, it
seems like this needs to be defined somewhere so I support the WG
considering adoption of draft-nharper-tokbind-tls13.

On Fri, Jul 28, 2017 at 11:39 AM, Nick Harper <> wrote:

> >From the discussion in Prague of wanting to define TB for TLS 1.3 (for
> 1-RTT connections) separately from draft-ietf-tokbind-tls13-0rtt, I
> wrote and uploaded
> to
> provide a short and simple description of how to use TB with 1-RTT TLS
> 1.3. Is the working group interested in adopting this draft?
> _______________________________________________
> Unbearable mailing list

*CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you.*