Channel Binding

From MgmtWiki
Revision as of 09:43, 23 August 2018 by Tom (talk | contribs) (Problem)


Full Title or Meme

The process of binding an Authentication process to a secure channel that has been established between two communicating end-points.

Context

Problem

  • Original Problem: Channel Relay is an attack against an Authentication process in certain scenarios. If an attacker manages to induce a client to connect to a host the attacker controls, the attacker can take advantage of the authentication mechanism and use it to authenticate against a third-party server on which the client has an account with identical credentials. In addition, the attacker could even authenticate against a service running on the client itself. Even so, the attacker never learns the user's password.
  • Token reuse: With OAuth 2.0 or OpenID Connect there is a risk of token theft through the use of bearer tokens. For two years architects like me have been waiting for Token Binding to get ratified so we would have a transparent mechanism to close this gap. If this gets dropped from Chrome, this enterprise use case doesn't go away.
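The relay in the first bullet, and why binding the authentication to the TLS channel defeats it, as an added Python simulation that is not part of this wiki page: the password-keyed MAC standing in for a real challenge/response protocol, the constructed certificate bytes, and the SHA-256 "tls-server-end-point" hash are all assumptions, not any specific product's implementation.

```python
import hashlib
import hmac
import os

# Constructed stand-ins for DER-encoded certificates (not real certificates).
REAL_SERVER_CERT = b"CONSTRUCTED DER: real-server.example"
ATTACKER_CERT = b"CONSTRUCTED DER: attacker-controlled host"
PASSWORD = b"constructed-password-shared-with-real-server"

def tls_server_end_point(cert_der: bytes) -> bytes:
    """RFC 5929 'tls-server-end-point' binding: hash of the certificate the
    client actually saw on its own TLS connection (SHA-256 assumed here; the
    RFC derives the hash from the certificate's signature algorithm)."""
    return hashlib.sha256(cert_der).digest()

def client_proof(password: bytes, nonce: bytes, cb: bytes) -> bytes:
    """Client's response: password-keyed MAC over the server's challenge and
    the channel binding of the client's channel (assumed stand-in protocol)."""
    return hmac.new(password, nonce + cb, hashlib.sha256).digest()

def server_verify(password: bytes, nonce: bytes, own_cb: bytes, proof: bytes) -> bool:
    """Server recomputes the MAC using the binding of *its* channel."""
    expected = hmac.new(password, nonce + own_cb, hashlib.sha256).digest()
    return hmac.compare_digest(expected, proof)

def relay_attack(use_channel_binding: bool) -> bool:
    """The relay from the text: the client is induced to connect to the
    attacker, who opens a separate TLS connection to the real server and
    forwards challenge and response. Returns True if the server accepts."""
    nonce = os.urandom(16)  # real server's challenge, forwarded to the client
    # The client's TLS session terminates at the attacker, so its binding is
    # the attacker's certificate, while the real server binds to its own.
    client_cb = tls_server_end_point(ATTACKER_CERT) if use_channel_binding else b""
    server_cb = tls_server_end_point(REAL_SERVER_CERT) if use_channel_binding else b""
    proof = client_proof(PASSWORD, nonce, client_cb)  # relayed unchanged
    return server_verify(PASSWORD, nonce, server_cb, proof)

def direct_login(use_channel_binding: bool) -> bool:
    """Legitimate client talking to the real server: the bindings match."""
    nonce = os.urandom(16)
    cb = tls_server_end_point(REAL_SERVER_CERT) if use_channel_binding else b""
    return server_verify(PASSWORD, nonce, cb, client_proof(PASSWORD, nonce, cb))

if __name__ == "__main__":
    print("relay, no binding:   ", relay_attack(False))  # True: relay succeeds
    print("relay, with binding: ", relay_attack(True))   # False: rejected
    print("direct, with binding:", direct_login(True))   # True
```

The password itself is never exposed in either run; the binding only makes a proof minted on one channel worthless on any other.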

Solution

Reference