Filter Blogs expand_more
Blog add
Authors add
Solutions add
Products add
Product Categories add
3 Results for 'public key pinning'

Public Key Pinning

By Bruce Morton
September 06, 2013
Public Key Pinning was great idea at first. Google used static public keys to protect their websites. In doing so, the keys were embedded in Chrome and were useful in helping users find the DigiNotar attack in 2011, and in a mistaken certification authority (CA) certificate issued by TURKTRUST in 2012.

Public Key Pinning Extension for HTTP

By Entrust Datacard
January 21, 2013
In 2011, Google added public key pinning to Chrome. They white-listed the certification authority public keys that could be used to secure Google domains.

HTTP Public Key Pinning: No Longer a Good Idea

By Bruce Morton
October 16, 2017
It is very difficult to select a public key or a set of public keys that can be trusted for a long period of time. If the wrong public key is used, a website can be bricked until the server header expires. The wrong key could be provided accidentally or by an attacker. As in many cases, a site can be bricked where the administrator knows nothing about HPKP, or it’s been redirected by an attack.
Page 1 of 1