Skip to main content

Token Binding over HTTP
RFC 8473

Revision differences

Document history

Date By Action
2021-03-29
Francesca Palombini Closed request for Telechat review by ARTART with state 'Overtaken by Events'
2018-12-19
(System)
Received changes through RFC Editor sync (changed abstract to 'This document describes a collection of mechanisms that allow HTTP servers to cryptographically bind security tokens …
Received changes through RFC Editor sync (changed abstract to 'This document describes a collection of mechanisms that allow HTTP servers to cryptographically bind security tokens (such as cookies and OAuth tokens) to TLS connections.

We describe both first-party and federated scenarios. In a first- party scenario, an HTTP server is able to cryptographically bind the security tokens that it issues to a client -- and that the client subsequently returns to the server -- to the TLS connection between the client and the server. Such bound security tokens are protected from misuse, since the server can generally detect if they are replayed inappropriately, e.g., over other TLS connections.

Federated Token Bindings, on the other hand, allow servers to cryptographically bind security tokens to a TLS connection that the client has with a different server than the one issuing the token.

This document is a companion document to "The Token Binding Protocol Version 1.0" (RFC 8471).')
2018-10-08
(System)
Received changes through RFC Editor sync (created alias RFC 8473, changed abstract to 'This document describes a collection of mechanisms that allow HTTP servers …
Received changes through RFC Editor sync (created alias RFC 8473, changed abstract to 'This document describes a collection of mechanisms that allow HTTP servers to cryptographically bind security tokens (such as cookies and OAuth tokens) to TLS connections.', changed standardization level to Proposed Standard, changed state to RFC, added RFC published event at 2018-10-08, changed IESG state to RFC Published)
2018-10-08
(System) RFC published