Token Binding for 0-RTT TLS 1.3 Connections

Document Type Expired Internet-Draft (tokbind WG)
Last updated 2017-12-30 (latest revision 2017-06-28)
Replaces draft-nharper-0-rtt-token-binding
Stream IETF
Intended RFC status Proposed Standard
Expired & archived
plain text pdf html bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Yes
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document describes how Token Binding can be used in the 0-RTT data of a TLS 1.3 connection. This involves a new TLS extension to negotiate and indicate the use of Token Binding in 0-RTT data. A TokenBindingMessage sent in 0-RTT data has different security properties than one sent after the TLS handshake has finished, which this document also describes.


Nick Harper (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)