[Ach] HTTP key pinning (HTKP)
Aaron Zauner
azet at azet.org
Wed Mar 19 23:15:13 CET 2014
Wow. There seems to be a lot going on at the moment. This is still a
draft but might be relevant for future updates of our paper:
http://tools.ietf.org/html/draft-ietf-websec-key-pinning-11
```
This memo describes an extension to the HTTP protocol allowing web
host operators to instruct user agents (UAs) to remember ("pin") the
hosts' cryptographic identities for a given period of time. During
that time, UAs will require that the host present a certificate chain
including at least one Subject Public Key Info structure whose
fingerprint matches one of the pinned fingerprints for that host. By
effectively reducing the number of authorities who can authenticate
the domain during the lifetime of the pin, pinning may reduce the
incidence of man-in-the-middle attacks due to compromised
Certification Authorities.
```
excellent!
Aaron
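A small worked illustration of the check the abstract describes, added here as an example (it is not code from the draft, from the list, or from the poster): it computes pin-sha256 fingerprints (SHA-256 over the DER SubjectPublicKeyInfo, base64 encoded, as the draft's header directive uses) over constructed SPKI blobs, builds and parses a Public-Key-Pins header, and applies the rule that the presented chain must contain at least one SPKI whose fingerprint is in the pin set. The key bytes are made up; the helper names are this example's own.

```python
import base64
import hashlib
import re

# Constructed sample keys: a DER SubjectPublicKeyInfo for Ed25519 is
# SEQUENCE { AlgorithmIdentifier { OID 1.3.101.112 }, BIT STRING (33 bytes) },
# so a fixed 12-byte header followed by a 32-byte public key. The key bytes
# below are made up; any DER SPKI (RSA, ECDSA, ...) is fingerprinted the same way.
SPKI_HEADER = bytes.fromhex("302a300506032b6570032100")
LEAF_SPKI = SPKI_HEADER + bytes(range(32))            # constructed end-entity key
INTERMEDIATE_SPKI = SPKI_HEADER + bytes(range(32, 64))  # constructed issuing-CA key
BACKUP_SPKI = SPKI_HEADER + bytes(range(64, 96))      # constructed offline backup key


def spki_fingerprint(spki_der: bytes) -> str:
    """pin-sha256 value: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def build_pkp_header(spkis, max_age: int) -> str:
    """Serialise a Public-Key-Pins header value for the given SPKIs."""
    pins = "; ".join('pin-sha256="%s"' % spki_fingerprint(s) for s in spkis)
    return "%s; max-age=%d" % (pins, max_age)


def parse_pkp_header(value: str):
    """Return (set of pin-sha256 values, max-age seconds) from a header value.

    max-age is mandatory in the draft, so its absence is an error here.
    """
    pins = set(re.findall(r'pin-sha256="([^"]+)"', value))
    m = re.search(r"max-age=(\d+)", value)
    if m is None:
        raise ValueError("Public-Key-Pins header is missing max-age")
    return pins, int(m.group(1))


def chain_matches_pins(chain_spkis, pins) -> bool:
    """The rule from the abstract: during the pin lifetime the UA requires that
    at least one SPKI in the presented chain hashes to a pinned fingerprint.
    A chain issued by a CA the site never pinned (e.g. a compromised one) fails."""
    return any(spki_fingerprint(s) in pins for s in chain_spkis)


if __name__ == "__main__":
    header = build_pkp_header([LEAF_SPKI, BACKUP_SPKI], 60 * 24 * 3600)
    pins, max_age = parse_pkp_header(header)
    print(header)
    print("legitimate chain ok:", chain_matches_pins([LEAF_SPKI, INTERMEDIATE_SPKI], pins))
    print("unpinned chain ok:  ", chain_matches_pins([INTERMEDIATE_SPKI], pins))
```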