Filter Blogs expand_more
Blog add
Authors add
Solutions add
Products add
Product Categories add
3 Results for 'public key pinning'

By Bruce Morton

September 06, 2013

Public Key Pinning was great idea at first. Google used static public keys to protect their websites. In doing so, the keys were embedded in Chrome and were useful in helping users find the DigiNotar attack in 2011, and in a mistaken certification authority (CA) certificate issued by TURKTRUST in 2012.

By Entrust Datacard

January 21, 2013

In 2011, Google added public key pinning to Chrome. They white-listed the certification authority public keys that could be used to secure Google domains.

By Bruce Morton

October 16, 2017

It is very difficult to select a public key or a set of public keys that can be trusted for a long period of time. If the wrong public key is used, a website can be bricked until the server header expires. The wrong key could be provided accidentally or by an attacker. As in many cases, a site can be bricked where the administrator knows nothing about HPKP, or it’s been redirected by an attack.
Page 1 of 1