- From: vanupam <notifications@github.com>
- Date: Tue, 21 Mar 2017 14:27:28 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/pull/325/review/28243065@github.com>
vanupam commented on this pull request.
> +detail in [[TOKBIND-NEGOTIATION]], [[TOKBIND-PROTOCOL]], and [[TOKBIND-HTTPS]].
+
+<p>A <dfn export id=token-binding-id>token binding ID</dfn> is the representation
+of a <a for=/>token binding</a>, as described in
+<a href="https://tools.ietf.org/html/draft-ietf-tokbind-protocol#section-3.2">section 3.2</a>
+of [[TOKBIND-PROTOCOL]].
+
+<p>At a very high level, a user agent negotiates the use of Token Binding with the server when it
+sets up a TLS connection to the server, and saves metadata (the Token Binding protocol version and <a for=/>token binding key parameters</a> resulting from the Token Binding negotiation) for the
+TLS connection. The user agent maintains a <a for=/>token binding key</a> store, where it saves
+different <a for=/>token binding key</a>s to be used with different servers. Whenever the
+<a for=/>token binding key</a> is needed, the user agent looks it up in the
+<a for=/>token binding key</a> store (creating it if needed).
+When the user agent sends a <a for=/>request</a> to the server over the TLS connection,
+it proves possession of the private key by adding and signing a <a for=/>token binding ID</a> in a
+Token Binding HTTP <a for=/>header</a>. The server associates ('binds') credentials that it
Done.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/325#discussion_r107280057
Received on Tuesday, 21 March 2017 21:28:48 UTC