Transport Layer Security Channel ID explained

Transport Layer Security Channel ID (TLS Channel ID, previously known as Transport Layer Security – Origin Bound Certificates, TLS-OBC)[1] is a draft RFC proposal[2][3] for a Transport Layer Security (TLS) extension that aims to increase TLS security by using certificates on both ends of the TLS connection. Notably, the client is permitted to dynamically create a local, self-signed certificate that provides additional security.

It can also protect users from the related domain cookie attack.[4] [5]

Token Binding

Token Binding is an evolution of the TLS Channel ID feature,[6] and the IETF draft has Microsoft and Google as authors.[7]

Notes and References

  1. http://tools.ietf.org/html/draft-balfanz-tls-obc-01 TLS-OBC RFC
  2. http://tools.ietf.org/html/draft-balfanz-tls-channelid-01 TLS Channel ID RFC
  3. Dietz, Michael; Czeskis, Alexei; Balfanz, Dirk; Wallach, Dan. "Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web". Proceedings of the 21st USENIX Security Symposium, August 8–10, 2012.
  4. http://security.stackexchange.com/a/12419/396 "Related Domain Cookie Attack"
  5. https://stackoverflow.com/q/9636857/328397 additional info is available here
  6. Google Inc. "Google Chrome Privacy Whitepaper". Web site.
  7. A. Popov, Ed., M. Nystroem, Microsoft; D. Balfanz, A. Langley, Google. "The Token Binding Protocol Version 1.0". Web site, 2016-01-08.