It is a great pity we did not do something of the sort to describe the use of Kerberos ticket type techniques to preserve state in encrypted HTTP cookies.
One of the reasons we didn't is that people fussed about privacy. So we ended up with all the privacy costs plus insecurity costs.
On Tue, May 12, 2020 at 1:18 AM Benjamin Kaduk <kaduk@xxxxxxx> wrote:
On Thu, May 07, 2020 at 02:05:53PM -0700, Michael Thomas wrote:
>
> So here's the question: the flows that I created are definitely over the
> wire. But they are over the wire between really one party, the web site
> owner, since they control the code (= server, client js) on both ends.
> However as everybody knows, security is not easy so getting those flows
> *correct* is very hard. I have some experience here, and it's mainly
> telling me that I'm sure I got things wrong. So what is the policy
> within IETF where a site could roll their own, but really shouldn't
> because it ought to be vetted? Is standardizing such a thing in scope
> in IETF or other standards bodies? Because at its heart is not
> interoperability across implementation, but vetting a security design
> that goes over the wire.
If I understand you correctly, it can be in scope to write up
(informationally, usually) a protocol for sending stuff over the wire
between two endpoints controlled by the same entity that avoids
security-relevant pitfalls.
-Ben