On Sat, Oct 26, 2019 at 3:55 PM Rifaat Shekh-Yusef <rifaat.i...@gmail.com>
wrote:

>
> On Fri, Oct 25, 2019 at 3:47 PM Brian Campbell <bcampb...@pingidentity.com>
> wrote:
>
>>
>> I did look at RFC7239 when doing that and it could have been made to work
>> but felt the fit wasn't quite right and would have been more cumbersome to
>> use than not.
>>
>>
> Can you elaborate on this?
> These days, with the zero trust model in mind, there are orchestration
> tools, e.g. Istio, that easily allow you to establish an MTLS channel
> between the reverse proxy/load balancer/API GW and the backend servers.
> Why is that not sufficient?
> Which part is cumbersome?
>

What I meant was only that in the course of writing
https://tools.ietf.org/html/draft-ietf-tokbind-ttrp-09, which aims to
define HTTP header fields that enable a TLS terminating reverse proxy to
convey information to a backend server about the validated Token Binding
Message received from a client, it seemed more straightforward and
sufficient for the use-case to use new HTTP headers to carry the
information rather than to use new fields in the Forwarded header framework
from RFC7239.

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
