[Unbearable] Fwd: I-D Action: draft-ietf-tokbind-ttrp-03.txt
Brian Campbell <bcampbell@pingidentity.com> Mon, 26 February 2018 19:08 UTC
To: IETF Tokbind WG <unbearable@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/YcelF2g0X613lD34uepMmqyU5N0>

A new draft of "HTTPS Token Binding with TLS Terminating Reverse Proxies" has been published. The only substantive change is the addition of a header and encoding/formatting to allow for additional token binding types (other than provided and referred) to be conveyed from the TTRP to the backend application(s).

That is functionality that had been requested during both the Singapore and Prague meetings. I'd balked at adding it for a while because of some skepticism about its usefulness in practice, not wanting to bloat the document, and lack of clarity around whether or not there is (rough) consensus for it. I'm still somewhat skeptical but, after making the addition, I don't think the document bloat is particularly bad. So at this point I'm looking to better gauge the consensus or lack thereof for supporting additional token binding types in the TTRP draft.

---------- Forwarded message ----------
From: <internet-drafts@ietf.org>
Date: Mon, Feb 26, 2018 at 9:50 AM
Subject: [Unbearable] I-D Action: draft-ietf-tokbind-ttrp-03.txt
To: i-d-announce@ietf.org
Cc: unbearable@ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Token Binding WG of the IETF.

Title    : HTTPS Token Binding with TLS Terminating Reverse Proxies
Author   : Brian Campbell
Filename : draft-ietf-tokbind-ttrp-03.txt
Pages    : 12
Date     : 2018-02-26

Abstract:
This document defines HTTP header fields that enable a TLS terminating reverse proxy to convey information to a backend server about the validated Token Binding Message received from a client, which enables that backend server to bind, or verify the binding of, cookies and other security tokens to the client's Token Binding key.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-tokbind-ttrp/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-tokbind-ttrp-03
https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-ttrp-03

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-tokbind-ttrp-03

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/