About Public Key Pinning HPKP

Posted on September 13, 2016 by Viet Luu

https://noncombatant.org/2015/05/01/about-http-public-key-pinning/

https://scotthelme.co.uk/hpkp-toolset/

https://report-uri.io/home/tools

http://blog.rlove.org/2015/01/public-key-pinning-hpkp.html

http://news.netcraft.com/archives/2016/03/30/http-public-key-pinning-youre-doing-it-wrong.html

What Is Pinning, And What Does It Solve?

HPKP is an attempt to solve 1 of the big problems in the Web PKI: the fact that essentially any certification authority (CA) or intermediate issuer can issue end-entity (EE, or “leaf”) certificates for essentially any web site. For example, even though the certificate for mail.google.com is issued by “Google Internet Authority G2”, which in turn is issued by the root CA “GeoTrust Global CA”,an obscure Dutch CA can also try to issue certificates for mail.google.com. So, we’d really like some way to stop clients from having to trust such misissued certificates.

0 people found this article useful

Viet Luu has written 318 articles

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

We are thankful for your never ending support.

You must be logged in to post a comment.

What Is Pinning, And What Does It Solve?

Viet Luu has written 318 articles

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Leave a Reply