[Ach] Recommendations creating CSRs

Hanno Böck hanno at hboeck.de
Sun Sep 28 21:26:12 CEST 2014

On Sun, 28 Sep 2014 20:42:41 +0200
Aaron Zauner <azet at azet.org> wrote:

> HPKP is basically TOFU security with a more user friendly
> implementation. I do not see it getting
> accepted by IETF consensus, but I might be wrong.
> https://tools.ietf.org/html/draft-ietf-websec-key-pinning

I recently had a look into HPKP and apart from the fact
that it's HTTP-only I really like it.

And - it's already usable today. It will protect your Chrome users and
Firefox has announced at least plans to implement.
Given that and the well known problems of the CA system I was quite
surprised that a good solution exists and nobody uses this.

In case anyone's interested, I recently created a script to help
create the headers required for HPKP.

Hanno Böck

mail/jabber: hanno at hboeck.de
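For readers who want to see what such a header-generation script has to do, the following is an added example (not Hanno's script and not from the list): it derives an HPKP pin as base64(SHA-256(DER SubjectPublicKeyInfo)) from a "BEGIN PUBLIC KEY" PEM block and assembles the Public-Key-Pins header per RFC 7469, refusing to emit a header without a backup pin. The sample SPKI bytes and the max-age value are constructed for the example.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", re.S)


def spki_der_from_pem(pem: str) -> bytes:
    """Return the DER SubjectPublicKeyInfo from a 'BEGIN PUBLIC KEY' PEM block."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PUBLIC KEY PEM block found")
    return base64.b64decode("".join(m.group(1).split()))


def pin_sha256(spki_der: bytes) -> str:
    """HPKP pin value: base64 of the SHA-256 digest of the DER-encoded SPKI."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def hpkp_header(pins, max_age, include_subdomains=False, report_uri=None) -> str:
    """Build the Public-Key-Pins header value (RFC 7469 syntax).

    Fewer than two distinct pins is rejected: with no backup pin, losing the
    single pinned key locks every pinning client out for max-age seconds.
    """
    if len(set(pins)) < 2:
        raise ValueError("HPKP needs the current pin plus at least one backup pin")
    parts = ['pin-sha256="%s"' % p for p in pins]
    parts.append("max-age=%d" % max_age)
    if include_subdomains:
        parts.append("includeSubDomains")
    if report_uri:
        parts.append('report-uri="%s"' % report_uri)
    return "; ".join(parts)


# Constructed sample input: an Ed25519 SPKI assembled by hand from the DER prefix
# (SEQUENCE, AlgorithmIdentifier OID 1.3.101.112, BIT STRING) plus 32 dummy key
# bytes. Not a real key; it only exercises the PEM -> DER -> pin path.
_ED25519_PREFIX = bytes.fromhex("302a300506032b6570032100")
SAMPLE_SPKI = _ED25519_PREFIX + bytes(range(32))
BACKUP_SPKI = _ED25519_PREFIX + bytes(range(32, 64))
_b64 = base64.b64encode(SAMPLE_SPKI).decode("ascii")
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n"
              + "\n".join(_b64[i:i + 64] for i in range(0, len(_b64), 64))
              + "\n-----END PUBLIC KEY-----\n")


def build_sample_header() -> str:
    """Current pin from the PEM, backup pin from a second (offline) key."""
    pins = [pin_sha256(spki_der_from_pem(SAMPLE_PEM)), pin_sha256(BACKUP_SPKI)]
    return hpkp_header(pins, max_age=5184000, include_subdomains=True)


if __name__ == "__main__":
    print("Public-Key-Pins: " + build_sample_header())
```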
