Open
Bug 1363987
Opened 8 years ago
Updated 1 year ago
Token binding support
Categories
(Core :: Networking: HTTP, enhancement, P5)
UNCONFIRMED
People
(Reporter: sjoerd-mozilla, Unassigned)
Details
(Whiteboard: [necko-would-take])
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:53.0) Gecko/20100101 Firefox/53.0
Build ID: 20170504105526
Steps to reproduce:
Token binding <https://datatracker.ietf.org/doc/draft-ietf-tokbind-https/> provides an identifier that is unique to the client. This identifier is bound to a public-private keypair, where the client proves ownership of the private key by signing a value during the TLS handshake. This makes it harder for attackers to steal this identifier and impersonate users, compared to cookies or JavaScript values.
This issue is meant to track the status of this feature in Firefox.
J.C. Jones commented on Firefox's position on token binding in <https://github.com/whatwg/fetch/pull/325>:
> As of now [27 Jun 2016], we'd happily review patches to implement it, but it's not on the implementation priorities list for the next few months.
Updated•8 years ago
Component: Untriaged → Networking: HTTP
Product: Firefox → Core
Updated•8 years ago
Severity: normal → enhancement
Updated•8 years ago
Whiteboard: [necko-would-take]
Comment 2•8 years ago
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P5
Updated•3 years ago
Severity: normal → S3