Professional Documents
Culture Documents
com/2018/10/10/token_binding_protocol_rfc/
{* SECURITY *}
Compared to bygone days, the 2018 user has pretty good security: the
websites they visit can be protected with HTTPS, their logins can be
protected with OAuth, and so on.
1 of 5 22-01-2021, 02:28 pm
Google and Microsoft boffins playing nicely together to stop replay attacks in their tracks • The Register https://www.theregister.com/2018/10/10/token_binding_protocol_rfc/
an attacker, and that would block replay attacks. 1 disclosure docs reveal Tim
Cook gave him $5,999 Mac
Pro, the 'first' made in Texas
To establish token binding, the user agent would generate a private-
public key pair for each "target" server – that is, the client presents its On his way out, Trump emits
public key, and the handshake establishes a private key. This would
happen for each TLS connection to that server.
2 exec order suggesting US
cloud giants must verify ID
of all foreign customers
As the RFC noted: "In order to successfully export and replay a bound
With depressing
security token, an attacker needs to also be able to use the client's
predictability, FCC boss
private key; this is hard to do if the key is specially protected" – for 3 leaves office with a list of his
example, if the key was generated in a hardware module. deeds... and a giant middle
finger to America
The authors have designed the protocol to avoid adding round trips to the
normal TLS handshake: it consists of a single message sent by the client Windows Product Activation
proving possession of the asymmetric private key. If it checks OK, the 4 – or just how many numbers
we could get a user to tell us
server creates the binding with the ID contained in the client's message. down the telephone
2 of 5 22-01-2021, 02:28 pm
Google and Microsoft boffins playing nicely together to stop replay attacks in their tracks • The Register https://www.theregister.com/2018/10/10/token_binding_protocol_rfc/
Exactly how the token is bound to the TLS layer, the RFC noted, will be Raspberry Pi Foundation
specific to the application: the Token Binding ID or its cryptographic hash
could be embedded in the security token, or could be maintained in a
5 moves into microcontrollers
with the $4 Pi Pico using
homegrown silicon
database mapping tokens to the binding IDs.
The RFC noted that there is one scenario in which a user is still
vulnerable: the bound token could be accessible to malware on their
machine. Their suggestion of using hardware modules (like security
dongles) to generate the key was designed to guard against that.
The RFC also carried the recommendation that bound tokens need to be
integrity-protected, so that attackers can't switch out a Token Binding ID
for one of their own choosing without being detected.
Popov, Nystroem and Balfanz put their names to RFC 8472 , which
defines a TLS extension using the Token Binding Protocol; and RFC
8473 (Popov, Nystroem, Balfanz, Hodges, and Google's Nick Harper)
described how to apply the protocol to HTTP.
Token binding has only reached RFC stage for TLS 1.2, but this Internet
Draft shows that TLS 1.3 isn't being ignored. ®
8 Comments
3 of 5 22-01-2021, 02:28 pm
Google and Microsoft boffins playing nicely together to stop replay attacks in their tracks • The Register https://www.theregister.com/2018/10/10/token_binding_protocol_rfc/
// KEEP READING
4 of 5 22-01-2021, 02:28 pm
Google and Microsoft boffins playing nicely together to stop replay attacks in their tracks • The Register https://www.theregister.com/2018/10/10/token_binding_protocol_rfc/
The Register - Independent news and views for the tech community. Part of
Situation Publishing
5 of 5 22-01-2021, 02:28 pm