Transport Layer Security Channel ID

From HandWiki

Transport Layer Security Channel ID (TLS Channel ID, previously known as Transport Layer Security – Origin Bound Certificates TLS-OBC)[1] is a draft RFC proposal[2][3] Transport Layer Security (TLS) extension that aims to increase TLS security by using certificates on both ends of the TLS connection. Notably, the client is permitted to dynamically create a local, self-signed certificate that provides additional security.

It can also protect users from the related domain cookie attack.[4][unreliable source?][5][unreliable source?]

Token Binding

Token Binding is an evolution of the TLS Channel ID feature,[6] and the IETF draft has Microsoft and Google as authors.[7]

References

  1. TLS-OBC RFC
  2. TLS Channel ID RFC
  3. Dietz, Michael; Czeskis, Alexei; Balfanz, Dirk; Wallach, Dan (August 8–10, 2012). "Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web". https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final162.pdf. 
  4. "Related Domain Cookie Attack"
  5. additional info is available here
  6. "Google Chrome Privacy Whitepaper". Google Inc.. https://www.google.com/chrome/browser/privacy/whitepaper.html#tls. 
  7. A. Popov, Ed., M. Nystroem, Microsoft, D. Balfanz, A. Langley, Google (2016-01-08). "The Token Binding Protocol Version 1.0". https://tools.ietf.org/html/draft-ietf-tokbind-protocol-04. 

External links




Retrieved from "https://handwiki.org/wiki/index.php?title=Transport_Layer_Security_Channel_ID&oldid=70456"