Transport Layer Security Channel ID

Transport Layer Security Channel ID (TLS Channel ID, previously known as Transport Layer Security – Origin Bound Certificates TLS-OBC)[1] is a draft RFC proposal[2][3] Transport Layer Security (TLS) extension that aims to increase TLS security by using certificates on both ends of the TLS connection. Notably, the client is permitted to dynamically create a local, self-signed certificate that provides additional security.

It can also protect users from the related domain cookie attack.[4][5]

Token Binding

Token Binding is an evolution of the TLS Channel ID feature,[6] and the IETF draft has Microsoft and Google as authors.[7]

References

  1. TLS-OBC RFC
  2. TLS Channel ID RFC
  3. Dietz, Michael; Czeskis, Alexei; Balfanz, Dirk; Wallach, Dan (August 8–10, 2012). "Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web" (PDF). Proceedings of the 21st USENIX Security Symposium.
  4. "Related Domain Cookie Attack"
  5. additional info is available here
  6. "Google Chrome Privacy Whitepaper". Google Inc.
  7. A. Popov, Ed., M. Nystroem, Microsoft, D. Balfanz, A. Langley, Google (2016-01-08). "The Token Binding Protocol Version 1.0". {{cite web}}: |author= has generic name (help)CS1 maint: multiple names: authors list (link)


This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.