[Ach] HTTP key pinning (HTKP)
azet at azet.org
Wed Mar 19 23:44:11 CET 2014
Hanno Böck wrote:
> Any idea why this is done on HTTP? I'd say wrong layer - you want
> the same functionality for TLS in general.
I'm not sure either, probably because Google cares a lot more about HTTP
than any other company out there. The draft was issued by Google
employees. I do agree that this is the wrong layer, although I do not
really care as long as pinning gets common knowledge and deployed more
> And: Isn't this basically the same idea as TACK?
Yes. TACK is even more sexy in terms of specification. The draft expired
last summer though, and I do not see much discussion on that topic at
over at the TLS-WG, it does get mentioned from time to time, so TACK is
certainly not forgotten.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the Ach