Re: [Unbearable] I-D Action: draft-ietf-tokbind-https-10.txt
Denis <denis.ietf@free.fr> Fri, 21 July 2017 09:21 UTC
To: unbearable@ietf.org
References: <150062800542.11311.4823917490193775849@ietfa.amsl.com>
From: Denis <denis.ietf@free.fr>
Message-ID: <6029f39a-ea91-a5ae-60cf-d52d0aeeb718@free.fr>
Date: Fri, 21 Jul 2017 11:21:19 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/9Vprsx_QfPXBb9nyiZT07aLaDIU>
Subject: Re: [Unbearable] I-D Action: draft-ietf-tokbind-https-10.txt
This I-D still lacks any indication that this mechanism will be ineffective in case of a collusion between clients. This should be clearly indicated in the Security Considerations section.

Denis

> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Token Binding WG of the IETF.
>
> Title : Token Binding over HTTP
> Authors : Andrei Popov
> Magnus Nyström
> Dirk Balfanz
> Adam Langley
> Nick Harper
> Jeff Hodges
> Filename : draft-ietf-tokbind-https-10.txt
> Pages : 22
> Date : 2017-07-21
>
> Abstract:
> This document describes a collection of mechanisms that allow HTTP
> servers to cryptographically bind security tokens (such as cookies
> and OAuth tokens) to TLS connections.
>
> We describe both first-party and federated scenarios. In a first-
> party scenario, an HTTP server is able to cryptographically bind the
> security tokens it issues to a client, and which the client
> subsequently returns to the server, to the TLS connection between the
> client and server. Such bound security tokens are protected from
> misuse since the server can generally detect if they are replayed
> inappropriately, e.g., over other TLS connections.
>
> Federated token bindings, on the other hand, allow servers to
> cryptographically bind security tokens to a TLS connection that the
> client has with a different server than the one issuing the token.
>
> This Internet-Draft is a companion document to The Token Binding
> Protocol.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tokbind-https/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-tokbind-https-10
> https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-https-10
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-tokbind-https-10
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> Unbearable mailing list
> Unbearable@ietf.org
> https://www.ietf.org/mailman/listinfo/unbearable
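The following is an added illustration, not code from the draft or from any poster: a minimal model of the first-party binding the abstract describes (the server binds a cookie to the client's Token Binding ID and checks a proof of key possession over the connection's exported keying material), run through three cases, including the collusion case raised above. The signature scheme is an assumed toy Schnorr over Z_p* standing in for the draft's real key types; the EKM values and field names are constructed for the example.

```python
import hashlib
import secrets

P = 2**127 - 1  # toy modulus for the stand-in signature scheme; NOT secure
G = 3

def h(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big")

def keygen():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def sign(x: int, msg: bytes):
    k = secrets.randbelow(P - 2) + 1
    r = pow(G, k, P)
    e = h(r.to_bytes(16, "big"), msg) % (P - 1)
    return r, (k - e * x) % (P - 1)

def verify(y: int, msg: bytes, sig) -> bool:
    r, s = sig
    e = h(r.to_bytes(16, "big"), msg) % (P - 1)
    return (pow(G, s, P) * pow(y, e, P)) % P == r

def token_binding_id(y: int) -> bytes:
    # The Token Binding ID identifies the client's public key.
    return hashlib.sha256(y.to_bytes(16, "big")).digest()

def issue_token(y: int) -> dict:
    # Server issues a cookie bound to the presenting client's Token Binding ID.
    return {"session": secrets.token_hex(8), "tbid": token_binding_id(y)}

def make_request(x: int, y: int, ekm: bytes, token: dict) -> dict:
    # Client proves possession of the key by signing this connection's EKM.
    return {"token": token, "pubkey": y, "sig": sign(x, ekm)}

def server_accepts(req: dict, ekm: bytes) -> bool:
    # The proof must verify over THIS connection's EKM, and the key it was made
    # with must be the one the token was bound to.
    if not verify(req["pubkey"], ekm, req["sig"]):
        return False
    return req["token"]["tbid"] == token_binding_id(req["pubkey"])

def scenarios():
    x, y = keygen()                       # legitimate client
    ekm_a, ekm_b = secrets.token_bytes(32), secrets.token_bytes(32)  # two TLS connections
    token = issue_token(y)
    legit = server_accepts(make_request(x, y, ekm_a, token), ekm_a)
    x2, y2 = keygen()                     # token replayed with a different key: rejected
    replay = server_accepts(make_request(x2, y2, ekm_b, token), ekm_b)
    collude = server_accepts(make_request(x, y, ekm_b, token), ekm_b)  # key shared: accepted
    return legit, replay, collude
```

The third case is the point made in the message: once the legitimate client hands its private key to another party, the server sees a valid proof for the bound ID on a fresh connection and has nothing to distinguish.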