[Ach] Recommendations creating CSRs
Hanno Böck
hanno at hboeck.de
Sun Sep 28 21:26:12 CEST 2014
On Sun, 28 Sep 2014 20:42:41 +0200
Aaron Zauner <azet at azet.org> wrote:
> HTKP is basically TOFU security with a more user friendly
> implementation. I do not see it getting
> accepted by IETF consensus, but I might be wrong.
> https://tools.ietf.org/html/draft-ietf-websec-key-pinning
I recently had a look into HPKP and appart from the fact
that it's http-only I really like it.
And - it's already usable today. It will protect your chrome users and
firefox has announced at least plans to implement.
Given that and the well known problems of the CA system I was quite
surprised that a good solution exists and nobody uses this.
In case anyone's interested, I recently created a script to help
creating the headers required for hpkp.
https://github.com/hannob/hpkp
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20140928/9b70f04f/attachment.sig>
More information about the Ach
mailing list