[Unbearable] I-D Action: draft-ietf-tokbind-https-09.txt

internet-drafts@ietf.org Fri, 21 April 2017 22:48 UTC

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Token Binding of the IETF.

        Title           : Token Binding over HTTP
        Authors         : Andrei Popov
                          Magnus Nyström
                          Dirk Balfanz
                          Adam Langley
                          Jeff Hodges
        Filename        : draft-ietf-tokbind-https-09.txt
        Pages           : 22
        Date            : 2017-04-21

Abstract:
   This document describes a collection of mechanisms that allow HTTP
   servers to cryptographically bind security tokens (such as cookies
   and OAuth tokens) to TLS connections.

   We describe both first-party and federated scenarios.  In a first-
   party scenario, an HTTP server is able to cryptographically bind the
   security tokens it issues to a client, and which the client
   subsequently returns to the server, to the TLS connection between the
   client and server.  Such bound security tokens are protected from
   misuse since the server can generally detect if they are replayed
   inappropriately, e.g., over other TLS connections.

   Federated token bindings, on the other hand, allow servers to
   cryptographically bind security tokens to a TLS connection that the
   client has with a different server than the one issuing the token.

   This Internet-Draft is a companion document to The Token Binding
   Protocol.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-tokbind-https/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-tokbind-https-09
https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-https-09

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-tokbind-https-09


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/