1.3 Overview

One of the most common practices to validate the proof of possession of a secret on the client in an HTTP transaction is to use Secure Sockets Layer (SSL)/Transport Layer Security (TLS) client authentication. Although this works in many cases, using this method has the following drawbacks.

  • SSL/TLS client authentication is not supported on many HTTP client implementations. There is no simple way for a client application relying on the platform to prove possession of private keys for X509 certificates [RFC4158].

  • It is not convenient to use SSL/TLS client authentication when the service needs to validate proof of possession of multiple keys. With SSL/TLS client authentication, a dynamic renegotiation of client certificates is required after verifying proof of possession of each key. Some server implementations do not support this type of dynamic renegotiation of certificates because the challenge criteria are statically configured on the server.

This protocol provides a way for client applications written on any HTTP client stack to participate in a message-based protocol. A client application uses this protocol at the application layer to prove that its possession of private keys of X509 certificates fits the criteria configured on the server.

To participate in this protocol, the HTTP client application should enable HTTP cookie handling [RFC6265]. The server can use HTTP cookies (that the server can validate and use later) to save any state during the protocol interaction.