A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Security Working Group of the IETF.
Title : Public Key Pinning Extension for HTTP
Authors : Chris Evans
Chris Palmer
Ryan Sleevi
Filename : draft-ietf-websec-key-pinning-21.txt
Pages : 28
Date : 2014-10-05
Abstract:
This document defines a new HTTP header that allows web host
operators to instruct user agents to remember ("pin") the hosts'
cryptographic identities over a period of time. During that time,
UAs will require that the host presents a certificate chain including
at least one Subject Public Key Info structure whose fingerprint
matches one of the pinned fingerprints for that host. By effectively
reducing the number of trusted authorities who can authenticate the
domain during the lifetime of the pin, pinning may reduce the
incidence of man-in-the-middle attacks due to compromised
Certification Authorities.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-websec-key-pinning/
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-websec-key-pinning-21
A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-websec-key-pinning-21
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
