tls   7481

« earlier    

RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients
OAuth 2.0 public clients utilizing the Authorization Code Grant are susceptible to the authorization code interception attack. This specification describes the attack as well as a technique to mitigate against the threat through the use of Proof Key for Code Exchange (PKCE, pronounced "pixy").
OAuth  code  security  TLS  HTTPS  standard 
2 days ago by activescott
RFC 8473 - Token Binding over HTTP
This document describes a collection of mechanisms that allow HTTP servers to cryptographically bind security tokens (such as cookies and OAuth tokens) to TLS connections. We describe both first-party and federated scenarios. In a first- party scenario, an HTTP server is able to cryptographically bind the security tokens that it issues to a client -- and that the client subsequently returns to the server -- to the TLS connection between the client and the server. Such bound security tokens are protected from misuse, since the server can generally detect if they are replayed inappropriately, e.g., over other TLS connections. Federated Token Bindings, on the other hand, allow servers to cryptographically bind security tokens to a TLS connection that the client has with a different server than the one issuing the token. This document is a companion document to "The Token Binding Protocol Version 1.0" (RFC 8471).
OAuth  code  security  TLS  HTTPS  standard 
2 days ago by activescott
Certificate management · kubernetes/dashboard Wiki
General-purpose web UI for Kubernetes clusters. Contribute to kubernetes/dashboard development by creating an account on GitHub.
kubernetes  dashboard  tls  certificates 
2 days ago by vonc

« earlier    

related tags

1.3  advice  ambassador  authentication  beacon  browser  byte  c2  certificate  certificates  channel  check  client  cloudflare  code  communications  computing  connection  crypto  cryptography  ct  dashboard  decryption  dehydrated  detection  dns  dockerfile  docs  doh  education  encryption  engine  esxi  etls  evaluation  explained  fail  getpocket  gke  go  guide  hacking  handshake  helm  hn  howto  http  https  ifttt  information  interception  intranet  java  java10  jep  kafka  keys  kubernetes  layer  letsencrypt  log  middlebox  mtls  mutual  network  networking  networks  oauth  openjdk  openssl  passive  pdf  pentesting  pki  privacy  protocol  protocols  rant  rants  redteam  reference  roca  rust  search  secondary  secure  securitate  security  server  service  smartermail  sni  spf  ssl  sslcertificates  standard  standards  sysadmin  tech  terraform  terribad  test  testing  tfav  threads  tls1.3  tls13  tlsv1.3  tools  tutorial  tutorials  twitter  utilities  utm  variant  violation  virus  visualization  vmware  web  webdesign  webhosting  websecurity  wordfence 

Copy this bookmark: