Re: [Unbearable] Fwd: I-D Action: draft-ietf-tokbind-ttrp-01.txt
Brian Campbell <bcampbell@pingidentity.com> Thu, 03 August 2017 20:21 UTC
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Thu, 03 Aug 2017 14:20:40 -0600
Message-ID: <CA+k3eCTvO8VgnJSEWZQZUOKTZGhNhNmKM9EB1xaqH29vehn3Mw@mail.gmail.com>
To: Bill Cox <waywardgeek@google.com>
Cc: Vladimir Dzhuvinov <vladimir@connect2id.com>, Tokbind WG <unbearable@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/5CMYlgedWO1oKq1tLpjCswiO1Oo>

On Thu, Aug 3, 2017 at 9:31 AM, Bill Cox <waywardgeek@google.com> wrote:

> One question about the spec: Why must the "sec-token-binding" header be
> removed? I did that originally in an implementation, and was asked to stop
> "molesting the headers".

This is largely to try and comply with HTTPSTB <https://tools.ietf.org/html/draft-ietf-tokbind-https-10> that says the "Sec-Token-Binding" header is sent by the client when TB is negotiated on the TLS connection. On the connection from the TTRP to the backend, the TTRP is the client and TB isn't negotiated (most likely anyway).
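
The header handling discussed in this message, sketched as an added example (not code from the draft, the thread, or any participant's implementation). It assumes the TTRP passes the Token Binding ID it validated to the backend in a `Sec-Provided-Token-Binding-ID` header, a name taken from the TTRP draft and not stated on this page; the function name and the sample request are constructed for illustration.

```python
# Added example: building the TTRP-to-backend header list.
SEC_TOKEN_BINDING = "sec-token-binding"
# Assumption: header the TTRP uses to convey the ID it validated (not on this page).
PROVIDED_ID = "Sec-Provided-Token-Binding-ID"


def headers_for_backend(client_headers, tb_negotiated, validated_tb_id=None):
    """Return the (name, value) list to send on the backend connection.

    client_headers  -- (name, value) pairs received from the client
    tb_negotiated   -- True if Token Binding was negotiated on the client's TLS connection
    validated_tb_id -- encoded Token Binding ID the TTRP validated itself, or None
    """
    outbound = []
    for name, value in client_headers:
        lname = name.lower()  # HTTP header names are case-insensitive
        # On the backend hop the TTRP is the client and has not negotiated
        # Token Binding, so Sec-Token-Binding is dropped (every occurrence).
        if lname == SEC_TOKEN_BINDING:
            continue
        # A client-supplied copy of the TTRP's own header is dropped too;
        # the backend treats that header as the TTRP's assertion.
        if lname == PROVIDED_ID.lower():
            continue
        outbound.append((name, value))
    # Only assert an ID the TTRP validated on a connection that negotiated TB.
    if tb_negotiated and validated_tb_id is not None:
        outbound.append((PROVIDED_ID, validated_tb_id))
    return outbound


if __name__ == "__main__":
    # Constructed sample request; values are placeholders, not real messages.
    sample = [
        ("Host", "app.example"),
        ("Sec-Token-Binding", "constructed-tb-message"),
        ("sec-provided-token-binding-id", "client-supplied-value"),
        ("Cookie", "sid=1"),
    ]
    for header in headers_for_backend(sample, True, "constructed-validated-id"):
        print(header)
```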