[openssl-users] Token Binding Extension?
Jeffrey Walton
noloader at gmail.com
Wed Jul 1 21:04:09 UTC 2015
Does OpenSSL implement the Token Binding extension?
https://tools.ietf.org/html/draft-ietf-tokbind-protocol
Token Binding finds its roots in Origin Bound Certificates
(https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final162.pdf).
I'm also aware of some related, independent work by a fellow named
Jacob Thompson of Independent Security Evaluators.
https://securityevaluators.com/knowledge/case_studies/mutual/
Token Binding and OCB are a useful tool to stop MitM in some security
models, like those used on the web and by browsers.
More information about the openssl-users
mailing list