> It would prevent that because the transmitted cookie from the
> legitimate browser is bound to that browser's TLS connection, via a
> MAC. So the MITM can't reuse the cookie.

Perhaps like Tobias I'm not seeing how this is enforced. You mention in your proposal that "The browser can easily calculate the key and binding values for every TLS connection" indicating that an attacker who steals the cookie value "session=123" could simply start a new TLS connection and send "session=123", computing a new MAC based on the new TLS connection details and this would appear legitimate to the server. What prevents this, which seems like an attack the system is designed to guard against?

Joe
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
