The IESG has received a request from the Web Security WG (websec) to consider the following document: - 'Public Key Pinning Extension for HTTP' <draft-ietf-websec-key-pinning-19.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the [email protected] mailing lists by 2014-08-01. Exceptionally, comments may be sent to [email protected] instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document describes an extension to the HTTP protocol allowing web host operators to instruct user agents to remember ("pin") the hosts' cryptographic identities for a given period of time. During that time, UAs will require that the host present a certificate chain including at least one Subject Public Key Info structure whose fingerprint matches one of the pinned fingerprints for that host. By effectively reducing the number of authorities who can authenticate the domain during the lifetime of the pin, pinning may reduce the incidence of man-in-the-middle attacks due to compromised Certification Authorities. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-websec-key-pinning/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-websec-key-pinning/ballot/ No IPR declarations have been submitted directly on this I-D. _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
