August 21, 2018
Check out Alex Simons’ and Pamela Dingle’s blog post “It’s Time for Token Bindingâ€. Now that the IETF Token Binding specs are essentially done, it’s time to ask those who write TLS software you use to ship Token Binding support soon, if they haven’t already done so.
Token Binding in a nutshell: When an attacker steals a bearer token sent over TLS, he can use it; when an attacker steals a Token Bound token, it’s useless to him.
No Comments » Posted under IETF & OAuth & OpenID & Specifications & Token Binding
Leave a Reply
You must be logged in to post a comment.
