[Unbearable] HTTPS Token Binding with TLS Terminating Reverse Proxies

Brian Campbell <bcampbell@pingidentity.com> Fri, 14 July 2017 16:59 UTC

From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 14 Jul 2017 10:59:21 -0600
Message-ID: <CA+k3eCTV7Lpn5j-7agVQ_q9iHhx397WdNf6Ys8fwZD+RJgGMzg@mail.gmail.com>
To: IETF Tokbind WG <unbearable@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/jhIou3utWihwEb-65yYyAc1XfTM>
Subject: [Unbearable] HTTPS Token Binding with TLS Terminating Reverse Proxies

Just a not-so-subtle reminder that HTTPS Token Binding with TLS Terminating
Reverse Proxies is one of the agenda items for Monday's meeting in Prague
and it would be great if there was some familiarity with it going into the
meeting. It's relatively short as drafts go, if you're looking for
something to read en route to the meeting:
https://tools.ietf.org/html/draft-campbell-tokbind-ttrp-00
