rfcdiff: draft-ietf-tokbind-negotiation-10.txt vs. draft-ietf-tokbind-negotiation-11.txt

   Text common to both drafts is shown once.  Where the drafts differ,
   the -10 text and the -11 text are given in turn, and "-11 adds:"
   marks text present only in -11.  "[skipping ...]" marks unchanged
   text that rfcdiff omitted.

Internet Engineering Task Force                            A. Popov, Ed.
Internet-Draft                                               M. Nystroem
Intended status: Standards Track                         Microsoft Corp.
Expires: April 18, 2018 (-10) / October 14, 2018 (-11)        D. Balfanz
                                                              A. Langley
                                                             Google Inc.
                              October 15, 2017 (-10) / April 12, 2018 (-11)

     Transport Layer Security (TLS) Extension for Token Binding Protocol
                                 Negotiation
      draft-ietf-tokbind-negotiation-10 / draft-ietf-tokbind-negotiation-11

Abstract

   This document specifies a Transport Layer Security (TLS) extension
   for the negotiation of Token Binding protocol version and key
   parameters.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the

   [skipping to change at page 1, line 36]

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   -10: This Internet-Draft will expire on April 18, 2018.
   -11: This Internet-Draft will expire on October 14, 2018.

Copyright Notice

   Copyright (c) 2017 (-10) / 2018 (-11) IETF Trust and the persons
   identified as the document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   [skipping to change at page 3, line 27]

       TB_ProtocolVersion token_binding_version;
       TokenBindingKeyParameters key_parameters_list<1..2^8-1>
   } TokenBindingParameters;

   "token_binding_version" indicates the version of the Token Binding
   protocol the client wishes to use during this connection.  If the
   client supports multiple Token Binding protocol versions, it SHOULD
   indicate the latest (highest valued) version in
   TokenBindingParameters.token_binding_version.

   [I-D.ietf-tokbind-protocol] describes version {1, 0} of the protocol.

   -11 adds:
   Please note that the server MAY select any lower protocol version;
   see Section 4 "Negotiating Token Binding Protocol Version and Key
   Parameters" for more details.

   RFC EDITOR: PLEASE REMOVE THE FOLLOWING PARAGRAPH: Prototype
   implementations of Token Binding drafts can indicate support of a
   specific draft version, e.g. {0, 1} or {0, 2}.

   "key_parameters_list" contains the list of identifiers of the Token
   Binding key parameters supported by the client, in descending order
   of preference.  [I-D.ietf-tokbind-protocol] defines an initial set of
   identifiers for Token Binding key parameters.
   [skipping to change at page 4, line 10 (-10) / line 13 (-11)]

   conditions are satisfied:

   1.  The server supports the Token Binding protocol version offered by
       the client or a lower version.

   2.  The server finds acceptable Token Binding key parameters on the
       client's list.

   3.  The server is also negotiating the Extended Master Secret
       [RFC7627] and Renegotiation Indication [RFC5746] TLS extensions.
       -10: This requirement only applies when TLS 1.2 or an older TLS
            version is used (see security considerations section below
            for more details).
       -11: This requirement applies when TLS 1.2 or an older TLS
            version is used (see Section 6 "Security Considerations"
            below for more details).

   The server will ignore any key parameters that it does not recognize.
   The "extension_data" field of the "token_binding" extension is
   structured the same as described above for the client
   "extension_data".

   "token_binding_version" contains the lower of:

   o  the Token Binding protocol version offered by the client in the
   [skipping to change at page 5, line 10 (-10) / line 13 (-11)]

       version advertised by the client.

   3.  "key_parameters_list" includes more than one Token Binding key
       parameters identifier.

   4.  "key_parameters_list" includes an identifier that was not
       advertised by the client.

   5.  TLS 1.2 or an older TLS version is used, but the Extended Master
       Secret [RFC7627] and TLS Renegotiation Indication [RFC5746]
       extensions are not negotiated
       -10: (see security considerations section below for more
            details).
       -11: (see Section 6 "Security Considerations" below for more
            details).

   If the "token_binding" extension is included in the server hello and
   the client supports the Token Binding protocol version selected by
   the server, it means that the version and key parameters have been
   negotiated between the client and the server and SHALL be definitive
   for the TLS connection.  TLS 1.2 and earlier versions support
   renegotiation, allowing the client and server to renegotiate the
   Token Binding protocol version and key parameters on the same
   connection.  The client MUST use the negotiated key parameters in the
   "provided_token_binding" as described in [I-D.ietf-tokbind-protocol].

   If the client does not support the Token Binding protocol version
   selected by the server, then the connection proceeds without Token
   Binding.

   -10: Please note that the Token Binding protocol version and key
        parameters are negotiated for each TLS connection, which means
        that the client and server include their "token_binding"
        extensions both in the full TLS handshake that establishes a new
        TLS session and in the subsequent abbreviated TLS handshakes
        that resume the TLS session.
   -11: The Token Binding protocol version and key parameters are
        negotiated for each TLS connection, which means that the client
        and server include their "token_binding" extensions both in the
        full TLS handshake that establishes a new TLS session and in the
        subsequent abbreviated TLS handshakes that resume the TLS
        session.
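   The server-side selection rules (conditions 1 to 3) and the client-side
   rejection list (items 2 to 5, the part visible above) worked through as an
   added example; this is not code from either draft. It encodes and parses
   the TokenBindingParameters "extension_data", has the server pick the lower
   version and a single key parameter from the client's list, and has the
   client validate the ServerHello extension, including the case where the
   server selects a lower version the client does not implement and the
   connection simply proceeds without Token Binding. Assumed and not on this
   page: the two-byte {major, minor} version encoding and the identifier
   values 0, 1 and 2 come from the Token Binding protocol draft, and the TLS
   version is passed as the wire minor number (3 = TLS 1.2, 4 = TLS 1.3).

```python
# Key parameter identifier values and the 2-byte {major, minor} version
# encoding come from the Token Binding protocol draft, not this page.
RSA2048_PKCS15, RSA2048_PSS, ECDSAP256 = 0, 1, 2

def encode_params(version, key_params):
    """Serialise TokenBindingParameters: version, then key_parameters_list<1..2^8-1>."""
    if not 1 <= len(key_params) <= 255:
        raise ValueError("key_parameters_list must hold 1..255 identifiers")
    return bytes(version) + bytes([len(key_params)]) + bytes(key_params)

def decode_params(data):
    """Parse extension_data into ((major, minor), [identifiers]); reject bad lengths."""
    if len(data) < 4 or len(data) != 3 + data[2]:
        raise ValueError("malformed TokenBindingParameters")
    return (data[0], data[1]), list(data[3:])

def server_select(client_ext, server_max_version, server_params, tls_minor, ems, ri):
    """Server: extension_data for the ServerHello, or None to omit the extension.
    tls_minor is the TLS wire minor version (assumed: 3 = TLS 1.2, 4 = TLS 1.3)."""
    client_version, client_list = decode_params(client_ext)
    # Condition 1: the lower of the client's offer and the server's highest version.
    version = min(client_version, server_max_version)
    # Condition 2: first acceptable identifier in the client's preference order;
    # identifiers the server does not recognise are ignored.
    chosen = next((p for p in client_list if p in server_params), None)
    if chosen is None:
        return None
    # Condition 3: with TLS 1.2 or older, EMS and Renegotiation Indication are required.
    if tls_minor <= 3 and not (ems and ri):
        return None
    return encode_params(version, [chosen])

def client_check(client_ext, server_ext, client_versions, tls_minor, ems, ri):
    """Client: 'fatal' (terminate), 'none' (proceed without Token Binding),
    or the negotiated (version, key_parameter) tuple."""
    offered_version, offered_list = decode_params(client_ext)
    version, params = decode_params(server_ext)
    if version > offered_version:            # item 2: version above the offer
        return "fatal"
    if len(params) != 1:                     # item 3: exactly one identifier
        return "fatal"
    if params[0] not in offered_list:        # item 4: must be on the client's list
        return "fatal"
    if tls_minor <= 3 and not (ems and ri):  # item 5: EMS and RI below TLS 1.3
        return "fatal"
    if version not in client_versions:       # lower version the client lacks
        return "none"
    return version, params[0]
```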
5.  IANA Considerations

   This document updates the TLS "ExtensionType Values" registry.  IANA
   has provided the following temporary registration for the
   "token_binding" TLS extension:

   Value: 24
   Extension name: token_binding
   Reference: this document
   -11 adds:
   Recommended: Yes

   IANA is requested to make this registration permanent, keeping the
   value of 24, which has been used by the prototype implementations of
   the Token Binding protocol.

   This document uses the "Token Binding Key Parameters" registry
   originally created in [I-D.ietf-tokbind-protocol].  This document
   creates no new registrations in this registry.

6.  Security Considerations
   [skipping to change at page 6, line 36 (-10) / line 40 (-11)]

   Master Secret [RFC7627] and Renegotiation Indication [RFC5746] TLS
   extensions have also been negotiated.

7.  Acknowledgements

   This document incorporates comments and suggestions offered by Eric
   Rescorla, Gabriel Montenegro, Martin Thomson, Vinod Anupam, Anthony
   Nadalin, Michael B. Jones, Bill Cox, Nick Harper, Brian Campbell and
   others.

   -11 adds:
   This document was produced under the chairmanship of John Bradley and
   Leif Johansson.  The area directors included Eric Rescorla, Kathleen
   Moriarty and Stephen Farrell.

8.  References

8.1.  Normative References

   [I-D.ietf-tokbind-protocol]
              Popov, A., Nystrom, M., Balfanz, D., Langley, A., and J.
              Hodges, "The Token Binding Protocol Version 1.0",
              -10: draft-ietf-tokbind-protocol-15 (work in progress),
                   July 2017.
              -11: draft-ietf-tokbind-protocol-16 (work in progress),
                   October 2017.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246,
              DOI 10.17487/RFC5246, August 2008,
              <https://www.rfc-editor.org/info/rfc5246>.

   End of changes.  12 change blocks; 16 lines changed or deleted, 25
   lines changed or added.  This html diff was produced by rfcdiff 1.46;
   the latest version is available from
   http://tools.ietf.org/tools/rfcdiff/