Re: [Unbearable] Attested TLS Token Binding
Giridhar Mandyam <mandyam@qti.qualcomm.com> Sat, 18 March 2017 21:00 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/4T4WRCtLhjAcG6G-rDgrffpYhRY>

Hello Tokbind WG,

Just a reminder to please provide reviews on this I.-D.

Thanks,
-Giri Mandyam

-----Original Message-----
From: Unbearable [mailto:unbearable-bounces@ietf.org] On Behalf Of Mandyam, Giridhar
Sent: Tuesday, March 07, 2017 2:03 PM
To: unbearable@ietf.org
Subject: [Unbearable] Attested TLS Token Binding

Hello Tokbind WG,

Please note that the latest version of "Attested TLS Token Binding" has been uploaded and is available at https://datatracker.ietf.org/doc/draft-mandyam-tokbind-attest/. The document has been simplified from the first version. Among the major changes are:

a. A proposed tokbind.extension to carry attestation in the form of a CBOR object.

b. Two initial attestation types: packed (see the W3C Web Authentication API specification) and TPM (as defined by the Trusted Computing Group). Attestation types should be extensible, but currently no registry is proposed in the document. We are open to suggestions.

c. Removal of the attestation from the TLS handshake. We do believe there are use cases for accessing the attestation in the clear, but this specification may not be the appropriate place for such a feature.

Look forward to any feedback you all may have.

-Giri Mandyam