[
https://issues.apache.org/jira/browse/TS-3216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14618032#comment-14618032
]
Masaori Koshiba commented on TS-3216:
-------------------------------------
{quote}
It assumes that there is only 1 backup pin, the backup pin is contained in a
CSR, and that the CSR is available to ATS. All of these assumptions seem shaky
to me.
----
Do you mean even if there are 2 cert settings in ssl_multicert.config, only one
backup pin is enough?
{quote}
Sorry, I misunderstood. {{hpkp-003.patch}} still asuumes there is only 1 backup
pin.
Is it better to allow lists of CSR files in {{backup_csr.filename}} and
generate pins for each?
> Add HPKP (Public Key Pinning Extension for HTTP) support
> --------------------------------------------------------
>
> Key: TS-3216
> URL: https://issues.apache.org/jira/browse/TS-3216
> Project: Traffic Server
> Issue Type: New Feature
> Components: SSL
> Reporter: Masaori Koshiba
> Labels: review
> Fix For: 6.1.0
>
> Attachments: hpkp-001.patch, hpkp-002.patch, hpkp-003.patch
>
>
> Add "Public Key Pinning Extension for HTTP" Support in Traffic Server.
> RFC 7469 Public Key Pinning Extension for HTTP
> - https://tools.ietf.org/html/rfc7469
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
