Token Binding

A Token Binding key pair is a private/public key pair that the browser uses to authenticate itself to a web server across HTTPS connections. Unlike TLS client certificates, using Token Binding keys requires no interaction with the user. This is because:
  • it is always clear which Token Binding key to use (so the user doesn't have to be consulted), and
  • the browser always uses a different key with different web sites (so the user doesn't need to give consent to use a Token Binding key).

TLS Extension and HTTP Header

Token Binding is a collection of draft specifications (since published as RFC 8471, RFC 8472 and RFC 8473) that describe a TLS extension, a protocol message carrying one or more signatures generated with Token Binding keys, and an encoding of that protocol message for HTTP. Together, they specify how a browser can prove possession of a Token Binding key to a web server.
The Token Binding TLS extension lets client and server negotiate the use of Token Binding during the TLS handshake. Once it has been negotiated, the client uses its Token Binding key as part of the HTTP protocol: it adds a Sec-Token-Binding header to each HTTP request it sends over that connection. The header carries a signature, made with the client's private Token Binding key, over keying material exported from the TLS connection (the EKM of RFC 5705). The server can therefore verify both that the client possesses the private key and that the proof was produced for this very connection rather than captured and replayed over another one. Clients use different Token Binding keys for different servers.

On-Demand Key Creation

If the client doesn't have a suitable Token Binding key for the server it is connecting to, it creates a new one on the spot. Unlike client certificates, Token Binding keys, and the proofs of possession made with them, carry no information about the user (no name, email address, etc.); they simply assert, in a cryptographically strong way, that requests on new HTTPS connections to a given server come from the same client that used the key before.

User Experience and Cookie-Like Behavior

As noted above, there is no user interface for creating or using Token Binding keys. This is similar to the UI for HTTP cookies: there is typically no UI when a cookie is set, or when it is sent back to the server.
Token Binding keys are similar to cookies in other ways as well:
  • The client uses different keys for different servers. Unless the servers collaborate, server A cannot find out which key the client uses for server B.
  • Different browser profiles use different Token Binding keys for the same server.
  • In incognito or private browsing mode, the Token Binding keys used during the browsing session get destroyed when the user closes the incognito or private browsing session.
  • Similar to the UI browsers provide to inspect and clean out cookies, there should be a UI that allows users to reset their Token Binding keys.

Token Binding as a Foundation for Stronger Web Authentication

Once clients use Token Binding, stronger authentication mechanisms can be built on top of it. As a first step, traditional HTTP cookies can be bound to the client's Token Binding key: the server records the Token Binding ID that was present when it issued the cookie and rejects the cookie when it arrives with a different ID, or with none, so a cookie copied out of the browser is useless without the private key. Token Binding can also provide the "holder-of-key" (proof-of-possession) property for assertions in single sign-on or federation protocols.