- From: vanupam <notifications@github.com>
- Date: Thu, 11 May 2017 12:24:54 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 11 May 2017 19:25:29 UTC
vanupam commented on this pull request. > +user agent. This association mitigates the risk that attackers can steal the token and use it +themselves, as they will not be able to easily replicate the user agent's secret, +and therefore cannot replicate the cryptographic binding of the token. + +<p>Details are described in TOKBIND-NEGOTIATION, TOKBIND-PROTOCOL and +TOKBIND-HTTPS and integration is defined here. +[[TOKBIND-NEGOTIATION]], [[TOKBIND-PROTOCOL]], and [[TOKBIND-HTTPS]]. + +<p>A <dfn export id=token-binding-id>token binding ID</dfn> is the non-secret representation +of a <a for=/>token-binding key</a>, as described in +<a href="https://tools.ietf.org/html/draft-ietf-tokbind-protocol#section-3.2">section 3.2</a> +of [[TOKBIND-PROTOCOL]]. + +<p>At a very high level, a user agent negotiates the use of Token Binding with the server when it +sets up a TLS connection to the server, and saves metadata (the Token Binding protocol version and +<a for=/>token-binding key parameters</a> resulting from the Token Binding negotiation) for the Updated. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/325#discussion_r116080733
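Review bot: In the paragraph beginning "<p>Details are described in", the three specifications are named twice: first as bare text ("TOKBIND-NEGOTIATION, TOKBIND-PROTOCOL and TOKBIND-HTTPS"), then again as a dangling fragment of reference links after "integration is defined here." Suggest collapsing both into one sentence, for example "Details are described in [[TOKBIND-NEGOTIATION]], [[TOKBIND-PROTOCOL]], and [[TOKBIND-HTTPS]]; integration is defined here." Two smaller points in the same hunk: the definition is spelled "token binding ID" while the term it links to is "token-binding key", so one hyphenation should be chosen and used for both; and the "section 3.2" link targets the unversioned draft URL, so the section number can drift as the draft is revised. Pinning the link to a specific draft version would keep the reference to the token binding ID definition stable.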