Transport Layer Security (TLS) Extension for Token Binding Protocol Negotiation
RFC 8472
Internet Engineering Task Force (IETF) A. Popov, Ed.
Request for Comments: 8472 M. Nystroem
Category: Standards Track Microsoft Corp.
ISSN: 2070-1721 D. Balfanz
Google Inc.
October 2018
Transport Layer Security (TLS) Extension for
Token Binding Protocol Negotiation
Abstract
This document specifies a Transport Layer Security (TLS) extension
for the negotiation of Token Binding protocol version and key
parameters. Negotiation of Token Binding in TLS 1.3 and later
versions is beyond the scope of this document.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8472.
Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Popov, et al. Standards Track [Page 1]
RFC 8472 Token Binding Negotiation TLS Extension October 2018
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2
2. Token Binding Negotiation ClientHello Extension . . . . . . . 2
3. Token Binding Negotiation ServerHello Extension . . . . . . . 3
4. Negotiating Token Binding Protocol Version and Key Parameters 4
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
6. Security Considerations . . . . . . . . . . . . . . . . . . . 6
6.1. Downgrade Attacks . . . . . . . . . . . . . . . . . . . . 6
6.2. Triple Handshake Vulnerability in TLS 1.2 and Older TLS
Versions . . . . . . . . . . . . . . . . . . . . . . . . 6
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
7.1. Normative References . . . . . . . . . . . . . . . . . . 7
7.2. Informative References . . . . . . . . . . . . . . . . . 7
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction
In order to use the Token Binding protocol [RFC8471], the client and
server need to agree on the Token Binding protocol version and the
parameters (signature algorithm and length) of the Token Binding key.
This document specifies a new TLS [RFC5246] extension to accomplish
this negotiation without introducing additional network round trips
in TLS 1.2 and earlier versions. [TOKENBIND-TLS13] addresses Token
Binding in TLS 1.3. The negotiation of the Token Binding protocol
and key parameters in combination with TLS 1.3 and later versions is
beyond the scope of this document. (Note: This document deals with
TLS 1.2 and therefore refers to RFC 5246 (which has been obsoleted by
RFC 8446). [TOKENBIND-TLS13] addresses Token Binding in TLS 1.3).
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
2. Token Binding Negotiation ClientHello Extension
The client uses the "token_binding" TLS extension to indicate the
highest supported Token Binding protocol version and key parameters.
enum {
token_binding(24), (65535)
} ExtensionType;
Popov, et al. Standards Track [Page 2]
RFC 8472 Token Binding Negotiation TLS Extension October 2018
The "extension_data" field of this extension contains a
"TokenBindingParameters" value.
Show full document text