Token Binding over HTTP
draft-ietf-tokbind-https-10

Document Type: Active Internet-Draft (tokbind WG)
Last updated: 2017-09-25 (latest revision 2017-07-21)
Replaces: draft-balfanz-https-token-binding
Stream: IETF
Intended RFC status: Proposed Standard
WG state: WG Consensus: Waiting for Write-Up
Document shepherd: John Bradley
IESG state: I-D Exists
Consensus Boilerplate: Unknown
Responsible AD: (None)
Send notices to: John Bradley <ve7jtb@ve7jtb.com>
Internet Engineering Task Force                                 A. Popov
Internet-Draft                                               M. Nystroem
Intended status: Standards Track                         Microsoft Corp.
Expires: January 22, 2018                                D. Balfanz, Ed.
                                                              A. Langley
                                                               N. Harper
                                                             Google Inc.
                                                               J. Hodges
                                                                  PayPal
                                                           July 21, 2017

                        Token Binding over HTTP
                      draft-ietf-tokbind-https-10

Abstract

   This document describes a collection of mechanisms that allow HTTP
   servers to cryptographically bind security tokens (such as cookies
   and OAuth tokens) to TLS connections.

   We describe both first-party and federated scenarios.  In a first-
   party scenario, an HTTP server is able to cryptographically bind the
   security tokens it issues to a client, and which the client
   subsequently returns to the server, to the TLS connection between the
   client and server.  Such bound security tokens are protected from
   misuse since the server can generally detect if they are replayed
   inappropriately, e.g., over other TLS connections.

   Federated token bindings, on the other hand, allow servers to
   cryptographically bind security tokens to a TLS connection that the
   client has with a different server than the one issuing the token.

   This Internet-Draft is a companion document to The Token Binding
   Protocol.
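   As an added illustration of the first-party scenario described above
   (this is not code from the draft or from any Token Binding
   implementation), the following Python sketch shows a server binding a
   cookie to the client's Token Binding ID and rejecting that same cookie
   when it is presented under a different ID, i.e., replayed over another
   TLS connection.  It assumes the Token Binding message has already been
   verified at the TLS/HTTP layer; the ID is modelled as a SHA-256 hash of
   the client's public key, and the server key, session id and MAC
   construction are constructed assumptions rather than the draft's.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed server-side MAC key used to seal cookies (assumption: the
# real server would keep this in a key store, not generate it per run).
SERVER_KEY = secrets.token_bytes(32)


def token_binding_id(public_key: bytes) -> bytes:
    """Opaque identifier for the client's Token Binding key pair.

    Assumption for this illustration: the ID is SHA-256 of the public key.
    In deployment it comes from the already-verified Token Binding message.
    """
    return hashlib.sha256(public_key).digest()


def issue_bound_cookie(session_id: str, tb_id: bytes, key: bytes = SERVER_KEY) -> str:
    """Issue a cookie whose MAC covers both the session and the Token Binding ID."""
    tag = hmac.new(key, session_id.encode() + b"|" + tb_id, hashlib.sha256).hexdigest()
    return f"{session_id}.{tag}"


def verify_bound_cookie(cookie: str, presented_tb_id: bytes,
                        key: bytes = SERVER_KEY) -> Optional[str]:
    """Return the session id if the cookie is valid for the Token Binding ID
    proven on *this* connection; return None for a malformed, tampered, or
    replayed cookie (one presented under a different Token Binding ID)."""
    try:
        session_id, tag = cookie.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, session_id.encode() + b"|" + presented_tb_id,
                        hashlib.sha256).hexdigest()
    return session_id if hmac.compare_digest(tag, expected) else None


def demo() -> Tuple[Optional[str], Optional[str]]:
    """Legitimate client vs. a stolen cookie presented from another key pair."""
    legit = token_binding_id(b"constructed-client-key-A")
    other = token_binding_id(b"constructed-client-key-B")
    cookie = issue_bound_cookie("sess-123", legit)
    return verify_bound_cookie(cookie, legit), verify_bound_cookie(cookie, other)
```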

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any

Popov, et al.           Expires January 22, 2018                [Page 1]
Internet-Draft           Token Binding over HTTP               July 2017

   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 22, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   4
   2.  The Sec-Token-Binding HTTP Request Header Field . . . . . . .   4
     2.1.  HTTPS Token Binding Key Pair Scoping  . . . . . . . . . .   5
   3.  TLS Renegotiation . . . . . . . . . . . . . . . . . . . . . .   6
   4.  First-Party Use Cases . . . . . . . . . . . . . . . . . . . .   6
   5.  Federation Use Cases  . . . . . . . . . . . . . . . . . . . .   6
     5.1.  Introduction  . . . . . . . . . . . . . . . . . . . . . .   6
     5.2.  Overview  . . . . . . . . . . . . . . . . . . . . . . . .   7
     5.3.  HTTP Redirects  . . . . . . . . . . . . . . . . . . . . .   8
     5.4.  Negotiated Key Parameters . . . . . . . . . . . . . . . .  10
     5.5.  Federation Example  . . . . . . . . . . . . . . . . . . .  11
   6.  Implementation Considerations . . . . . . . . . . . . . . . .  13
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  13
     7.1.  Security Token Replay . . . . . . . . . . . . . . . . . .  13
     7.2.  Triple Handshake Vulnerability in TLS 1.2 and Older TLS
           Versions  . . . . . . . . . . . . . . . . . . . . . . . .  14
     7.3.  Sensitivity of the Sec-Token-Binding Header . . . . . . .  14
     7.4.  Securing Federated Sign-On Protocols  . . . . . . . . . .  15
   8.  Privacy Considerations  . . . . . . . . . . . . . . . . . . .  17
     8.1.  Scoping of Token Binding Key Pairs  . . . . . . . . . . .  17