IETF approves new standards for authentication tokens

17 Oct 2018

In a set of newly approved standards, the Internet Engineering Task Force (IETF) has approved a new technique for protecting authentication tokens from replay attacks. Authentication tokens are widely used on the Internet. Instead of logging in with your credentials every time you access your favorite website, your browser shows the server your authentication token. Those tokens can be stolen and later misused for identity theft, or for stealing information from services, without any need to know your passwords. This vulnerability is known as a ‘replay attack’. The new standards propose creating a pair of cryptographic keys to link a personal device to an authentication token. One key would be stored on the personal device and the second one would be public. In this way, authentication tokens would correspond to the user's device only, blocking their use from a different device.

The set of standards comprises Request for Comments: 8471 (Token Binding Protocol), Request for Comments: 8472, and Request for Comments: 8473 (Token Binding over HTTP).
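The following Node.js sketch is an added example, not code from the IETF documents or from this article. It models the key-pair idea described above: a token sealed to a device's public key is rejected when presented from another device or replayed on another connection. All function names are hypothetical, the token format is simplified rather than the RFC 8471 wire format, and a random per-connection value stands in for the TLS-derived value the real protocol signs.

```javascript
// Added illustration: simplified model of binding a token to a device key pair.
// Not the RFC 8471 wire format; all function names here are hypothetical.
const crypto = require('node:crypto');
const SERVER_SECRET = crypto.randomBytes(32); // server-only key that seals tokens

// Device side: the private key stays on the device, the public key is shared.
const newDeviceKeys = () => crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Identifier of a public key: SHA-256 over its DER (SPKI) encoding.
function keyId(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}
const seal = (body) => crypto.createHmac('sha256', SERVER_SECRET).update(body).digest('hex');

// Server side: the token's MAC covers the user and the bound key identifier.
// Assumes user names without '.', as in the constructed sample below.
function issueToken(user, publicKey) {
  const body = `${user}.${keyId(publicKey)}`;
  return `${body}.${seal(body)}`;
}

// Device side: sign a value unique to this connection to prove key possession.
const signProof = (privateKey, connValue) => crypto.sign('sha256', connValue, privateKey);

// Server side: valid MAC, presented key is the bound one, proof fits this connection.
function acceptToken(token, publicKey, proof, connValue) {
  const parts = token.split('.');
  if (parts.length !== 3) return false;
  const [user, boundId, mac] = parts;
  const got = Buffer.from(mac), want = Buffer.from(seal(`${user}.${boundId}`));
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return false;
  if (keyId(publicKey) !== boundId) return false;
  return crypto.verify('sha256', connValue, publicKey, proof);
}

// Constructed scenario: the owner's request, then two misuse attempts.
function demo() {
  const device = newDeviceKeys(), other = newDeviceKeys();
  const token = issueToken('alice', device.publicKey);
  const conn1 = crypto.randomBytes(32), conn2 = crypto.randomBytes(32);
  const proof1 = signProof(device.privateKey, conn1);
  return {
    legit: acceptToken(token, device.publicKey, proof1, conn1),
    // Stolen token sent from another device, which holds only its own key pair.
    stolen: acceptToken(token, other.publicKey, signProof(other.privateKey, conn2), conn2),
    // Stolen token plus a captured proof, replayed on a different connection.
    replayed: acceptToken(token, device.publicKey, proof1, conn2),
  };
}
console.log(demo()); // { legit: true, stolen: false, replayed: false }
```

The token alone is no longer enough: the server also requires a fresh signature from the private key that never leaves the device.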

Explore the issues

Web standards are a set of formal standards and technical specifications for the World Wide Web. They ensure that content is accessible across devices and configurations, and therefore provide the core rules for developing websites.

 
