[Unbearable] I-D Action: draft-ietf-tokbind-https-18.txt
internet-drafts@ietf.org Tue, 26 June 2018 21:19 UTC
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: unbearable@ietf.org
Date: Tue, 26 Jun 2018 14:19:03 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/9YgsEWm59z0T2HIWL0w0aC9m6n4>

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Token Binding WG of the IETF.

        Title           : Token Binding over HTTP
        Authors         : Andrei Popov
                          Magnus Nyström
                          Dirk Balfanz
                          Adam Langley
                          Nick Harper
                          Jeff Hodges
        Filename        : draft-ietf-tokbind-https-18.txt
        Pages           : 25
        Date            : 2018-06-26

Abstract:
   This document describes a collection of mechanisms that allow HTTP
   servers to cryptographically bind security tokens (such as cookies
   and OAuth tokens) to TLS connections.

   We describe both first-party and federated scenarios. In a
   first-party scenario, an HTTP server is able to cryptographically
   bind the security tokens it issues to a client, and which the client
   subsequently returns to the server, to the TLS connection between
   the client and server. Such bound security tokens are protected from
   misuse since the server can generally detect if they are replayed
   inappropriately, e.g., over other TLS connections.

   Federated token bindings, on the other hand, allow servers to
   cryptographically bind security tokens to a TLS connection that the
   client has with a different server than the one issuing the token.

   This document is a companion document to The Token Binding Protocol.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-tokbind-https/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-tokbind-https-18
https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-https-18

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-tokbind-https-18

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/