Skip to main content

HTTPS Token Binding with TLS Terminating Reverse Proxies

Document Type Expired Internet-Draft (tokbind WG)
Expired & archived
Author Brian Campbell
Last updated 2020-01-06 (Latest revision 2019-07-05)
Replaces draft-campbell-tokbind-ttrp
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources Mailing list discussion
Stream WG state WG Consensus: Waiting for Write-Up
Document shepherd John Bradley
IESG IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to John Bradley <>

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document defines HTTP header fields that enable a TLS terminating reverse proxy to convey information to a backend server about the validated Token Binding Message received from a client, which enables that backend server to bind, or verify the binding of, cookies and other security tokens to the client's Token Binding key. This facilitates the reverse proxy and backend server functioning together as though they are a single logical server side deployment of HTTPS Token Binding.


Brian Campbell

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)