Transport Layer Security (TLS) Extension for Token Binding Protocol Negotiation
draft-ietf-tokbind-negotiation-14

Document Type Active Internet-Draft (tokbind WG)
Last updated 2018-05-23
Replaces draft-popov-tokbind-negotiation
Stream IETF
Intended RFC status Proposed Standard
Formats plain text xml pdf html bibtex
Reviews
Stream WG state Submitted to IESG for Publication
Document shepherd John Bradley
Shepherd write-up Show (last changed 2017-09-27)
IESG IESG state Approved-announcement to be sent::AD Followup
Consensus Boilerplate Yes
Telechat date
Responsible AD Eric Rescorla
Send notices to John Bradley <ve7jtb@ve7jtb.com>
IANA IANA review state IANA OK - Actions Needed
IANA action state None
Internet Engineering Task Force                            A. Popov, Ed.
Internet-Draft                                               M. Nystroem
Intended status: Standards Track                         Microsoft Corp.
Expires: November 24, 2018                                    D. Balfanz
                                                              A. Langley
                                                             Google Inc.
                                                            May 23, 2018

  Transport Layer Security (TLS) Extension for Token Binding Protocol
                              Negotiation
                   draft-ietf-tokbind-negotiation-14

Abstract

   This document specifies a Transport Layer Security (TLS) extension
   for the negotiation of Token Binding protocol version and key
   parameters.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 24, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of

Popov, et al.           Expires November 24, 2018               [Page 1]
Internet-Draft   Token Binding Negotiation TLS Extension        May 2018

   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   2
   2.  Token Binding Negotiation Client Hello Extension  . . . . . .   2
   3.  Token Binding Negotiation Server Hello Extension  . . . . . .   4
   4.  Negotiating Token Binding Protocol Version and Key Parameters   4
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   6
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   6
     6.1.  Downgrade Attacks . . . . . . . . . . . . . . . . . . . .   6
     6.2.  Triple Handshake Vulnerability in TLS 1.2 and Older TLS
           Versions  . . . . . . . . . . . . . . . . . . . . . . . .   6
   7.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   7
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   7
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .   7
     8.2.  Informative References  . . . . . . . . . . . . . . . . .   8
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   8

1.  Introduction

   In order to use the Token Binding protocol
   [I-D.ietf-tokbind-protocol], the client and server need to agree on
   the Token Binding protocol version and the parameters (signature
   algorithm, length) of the Token Binding key.  This document specifies
   a new TLS [RFC5246] extension to accomplish this negotiation without
   introducing additional network round-trips in TLS 1.2 and earlier
   versions.  The negotiation of the Token Binding protocol and key
   parameters in combination with TLS 1.3 and later versions is beyond
   the scope of this document.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.  Token Binding Negotiation Client Hello Extension

   The client uses the "token_binding" TLS extension to indicate the
   highest supported Token Binding protocol version and key parameters.

Popov, et al.           Expires November 24, 2018               [Page 2]
Internet-Draft   Token Binding Negotiation TLS Extension        May 2018

   enum {
       token_binding(24), (65535)
   } ExtensionType;

   The "extension_data" field of this extension contains a
   "TokenBindingParameters" value.

   struct {
       uint8 major;
       uint8 minor;
Show full document text