Skip to main content

Channel Bindings for TLS based on the PRF

Document Type Expired Internet-Draft (individual)
Expired & archived
Author Simon Josefsson
Last updated 2015-09-03 (Latest revision 2015-03-02)
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document specify how to compute the 'tls-unique-prf' data that is cryptographically bound to a specific Transport Layer Security (TLS) session. The intention is to use this data as a name of the secure channel for the purpose of a channel binding. The channel bindings can be used by authentication protocols to avoid tunneling attacks and security layer re-use. The data is derived using the TLS Pseudo-Random Function (PRF). Applications of this include SASL- based protocols like IMAP, SMTP and XMPP. The channel binding 'tls- unique-prf' defined in this document is an alternative to 'tls- unique' as described by RFC 5929 and used by SCRAM and GS2.


Simon Josefsson

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)