[Unbearable] Attested TLS Token Binding
"Mandyam, Giridhar" <mandyam@qti.qualcomm.com> Tue, 07 March 2017 22:02 UTC
Return-Path: <mandyam@qti.qualcomm.com>
X-Original-To: unbearable@ietfa.amsl.com
Delivered-To: unbearable@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 095AF1204D9 for <unbearable@ietfa.amsl.com>; Tue, 7 Mar 2017 14:02:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.021
X-Spam-Level:
X-Spam-Status: No, score=-7.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=qti.qualcomm.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k-orpAiFdVIx for <unbearable@ietfa.amsl.com>; Tue, 7 Mar 2017 14:02:31 -0800 (PST)
Received: from wolverine02.qualcomm.com (wolverine02.qualcomm.com [199.106.114.251]) (using TLSv1.2 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C22A1295ED for <unbearable@ietf.org>; Tue, 7 Mar 2017 14:02:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qcdkim; t=1488924151; x=1520460151; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=r+rjp3jjzfAe0gXKSZobH9N+ee5JIwTrKwtNOHLyi8I=; b=vv8fFWzf9psfGRBjY9lXIDtnVq2+Kst8yzZ/Vfg8IW+W0EB6ek22Fy2Q 2BfXY377v+JVIjuq/SDg+P2yYRwTnOOkpjd+oaXYcXX68Q9cGYk3HICVp B05dEKtHhV+rchJHQuH1rnmJj8/JmxTBH45irxPNV7HzCUqXCZkuZC3w7 g=;
X-IronPort-AV: E=Sophos;i="5.36,260,1486454400"; d="scan'208";a="364197140"
Received: from unknown (HELO ironmsg02-R.qualcomm.com) ([10.53.140.106]) by wolverine02.qualcomm.com with ESMTP; 07 Mar 2017 14:02:31 -0800
X-IronPort-AV: E=McAfee;i="5800,7501,8460"; a="914383174"
X-MGA-submission: MDEVsy0ZJtnnYOGl11rMgIV9RVqrCb+LiQyDasanmrOAQKtkgiUP23RxQVP3VBPBMcU82djzPatIw8ccLHCWW9M9bqu1BJTjbIgj+9amPuMu+Oj1xl5ROV0E7tGjDuK0pT+D9jU9g2zXjX1Nrn0lct6S
Received: from nasanexm01d.na.qualcomm.com ([10.85.0.84]) by ironmsg02-R.qualcomm.com with ESMTP/TLS/RC4-SHA; 07 Mar 2017 14:02:30 -0800
Received: from NASANEXM01C.na.qualcomm.com (10.85.0.83) by NASANEXM01D.na.qualcomm.com (10.85.0.84) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Tue, 7 Mar 2017 14:02:30 -0800
Received: from NASANEXM01C.na.qualcomm.com ([10.85.0.83]) by NASANEXM01C.na.qualcomm.com ([10.85.0.83]) with mapi id 15.00.1178.000; Tue, 7 Mar 2017 14:02:30 -0800
From: "Mandyam, Giridhar" <mandyam@qti.qualcomm.com>
To: "unbearable@ietf.org" <unbearable@ietf.org>
Thread-Topic: Attested TLS Token Binding
Thread-Index: AdKXjidovNjqeXYbSIiXIYP9QCqHAw==
Date: Tue, 07 Mar 2017 22:02:30 +0000
Message-ID: <4a45971d9b4b4a87bad8c7c029df928f@NASANEXM01C.na.qualcomm.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.80.80.8]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/_BIwbubxuCan2dg4TZAYfTIXqCo>
Subject: [Unbearable] Attested TLS Token Binding
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Mar 2017 22:02:33 -0000
Hello Tokbind WG, Please note that the latest version of "Attested TLS Token Binding" has been uploaded and is available at https://datatracker.ietf.org/doc/draft-mandyam-tokbind-attest/. The document has been simplified from the first version. Among the major changes are: a. A proposed tokbind.extension to carry attestation in the form of a CBOR object. b. Two initial attestation types: packed (see the W3C Web Authentication API specification) and TPM (as defined by the Trusted Computing Group). Attestation types should be extensible, but currently no registry is proposed in the document. We are open to suggestions. c. Removal of the attestation from the TLS handshake. We do believe there are use cases for accessing the attestation in the clear, but this specification may not be the appropriate place for such a feature. Look forward to any feedback you all may have. -Giri Mandyam
- [Unbearable] Attested TLS Token Binding Mandyam, Giridhar
- Re: [Unbearable] Attested TLS Token Binding Giridhar Mandyam