Re: [Unbearable] Token Binding test server and test page?
Nick Harper <nharper@google.com> Thu, 16 February 2017 01:56 UTC
Return-Path: <nharper@google.com>
X-Original-To: unbearable@ietfa.amsl.com
Delivered-To: unbearable@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 398CC129C40 for <unbearable@ietfa.amsl.com>; Wed, 15 Feb 2017 17:56:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.74
X-Spam-Level:
X-Spam-Status: No, score=-1.74 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, WEIRD_PORT=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OKtfe1DwoBl4 for <unbearable@ietfa.amsl.com>; Wed, 15 Feb 2017 17:56:52 -0800 (PST)
Received: from mail-yb0-x22a.google.com (mail-yb0-x22a.google.com [IPv6:2607:f8b0:4002:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B0C61293FE for <unbearable@ietf.org>; Wed, 15 Feb 2017 17:56:52 -0800 (PST)
Received: by mail-yb0-x22a.google.com with SMTP id o65so1017626ybo.2 for <unbearable@ietf.org>; Wed, 15 Feb 2017 17:56:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=/Uw1jzusyUysxQB9qgen+/rRDW/YcZulZPHuC8vmE3Y=; b=SiIJQn+sbblXp+LdyBQDvILO3b7aQ3sUvISAaAfsMrLxZCZtx4rZvKiAO+1IdICMBE 9ftLW0efJlbVhJKl6X/4EnE6dGdGkB4hTNEr+6aRVMmTAAvUx8piZUMPLN0HHsBUdo1N 0xsHsqacYKJ9BjydJEqLnaC1IEWWyjVMrIh8SHjA9BbnCG+836J9IKrbMD5MWj9SlX4B fHNxcnr2tRRix8jB+nXUJrcsGnk66ZqjmgR9zYqNDxHOEa5pWEeC3SrzkB11ky196+Rg gvgh7+A8VrMshMjxdFhvnw4eQxAm0SIKLZ1Q6C10+/OJM3j19bMpQ7wZtbTliidbEC+y VRFA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=/Uw1jzusyUysxQB9qgen+/rRDW/YcZulZPHuC8vmE3Y=; b=ThgnICCpu4DGr9tV1lIp4OOO85eNejMY6IX1viNzlJgDs6N22Le4dKv4zBt/ET0KmO FCOKp+hTmQ9VzhgiJpy5l+UuS1wKZwOXYwC39zZhiwLLdN7oxO/IxaZK4gw3nVeViFoJ NL2lXfd3R5sIb5mkuxi4Y/Yp+5Dr/O4Fbdl++TVfWJWXNFYx5KxIgElF5fryN2tmdXJ5 xO4hM63UWudnWS0yLHc7q3Li4ySFUwVB9M5l/WdU43aFIBRShOum3Bh+0byPcJ9wsnYI 8YpgbeEZAxvKLQEfMn5NXMWGwcHIJeSMJS+T61Xh9Af75oQGlOZdbjC+50HQBn0hZfrm w/aA==
X-Gm-Message-State: AMke39ly16z8tyaXp7Pbd4ZeSJ/uwz3netgIRE0tD2eKvW8Z+6S81r2+hgRN7TwseO3sy5YxLqOOHbuwnbueNpoP
X-Received: by 10.37.221.134 with SMTP id u128mr26691166ybg.195.1487210211268; Wed, 15 Feb 2017 17:56:51 -0800 (PST)
MIME-Version: 1.0
Received: by 10.129.161.87 with HTTP; Wed, 15 Feb 2017 17:56:30 -0800 (PST)
In-Reply-To: <3ade43b7-5e02-f635-b4ef-e7132387273e@KingsMountain.com>
References: <3ade43b7-5e02-f635-b4ef-e7132387273e@KingsMountain.com>
From: Nick Harper <nharper@google.com>
Date: Wed, 15 Feb 2017 17:56:30 -0800
Message-ID: <CACdeXi+=K_TMi+=gqinDVxpMyFEfF871aKnWxVije4CfbvJb0g@mail.gmail.com>
To: =JeffH <Jeff.Hodges@kingsmountain.com>
Content-Type: multipart/alternative; boundary="001a114bcea459cf2c05489c1ced"
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/0v91DGAKh1JircTTylSvJGWz_OA>
Cc: IETF TokBind WG <unbearable@ietf.org>
Subject: Re: [Unbearable] Token Binding test server and test page?
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Feb 2017 01:56:54 -0000
On Wed, Feb 15, 2017 at 5:00 PM, =JeffH <Jeff.Hodges@kingsmountain.com> wrote: > In <https://www.ietf.org/mail-archive/web/unbearable/current/msg01125.html> > Bill Cox <waywardgeek at google.com> replied: > > john bradley <ve7jtb at ve7jtb.com> asked: > >> Do you have any test page that would show if the cookies are > >> successfully token bound ? > > > > I don't think we've built such a page yet. Would it be useful? > > Yes, please :) > > ..and have it show the received STB, a decoded and parsed TBMsg, and bound > cookies if any. > > > In <https://www.ietf.org/mail-archive/web/unbearable/current/msg00560.html> > John Bradley noted: > > Currently if you are brave, there is a Python test server > > as part of the Chromium project on Github for testing. > > https://github.com/chromium/chromium > > Are there any more detailed pointers to where the said python test server > resides? and does one still need to build the entire project? Any more > detailed instructions for that specific item? > > The python test server is in //net/tools/testserver/testserver.py. If you run it as "python net/tools/testserver/testserver.py --https port=8443 --token-binding-params=2" and connect to https://localhost:8443/tokbind-ekm, it will return a body with content-type application/octet-stream containing the token binding ekm value. You shouldn't need to build the entire project, but you do need more than just the checkout of the chromium git repo. I think that if you follow the instructions on https://chromium. googlesource.com/chromium/src/+/master/docs/get_the_code.md for your platform through the "Get the code" step (but not "Setting up the build"), it should checkout the dependencies needed to run the python server. > > thanks, > > =JeffH > > > > > > > > > > > > > > > _______________________________________________ > Unbearable mailing list > Unbearable@ietf.org > https://www.ietf.org/mailman/listinfo/unbearable >