This repository has been archived by the owner on Jan 17, 2023. It is now read-only.

Add HPKP header #2427

Closed
g-k opened this issue Mar 20, 2017 · 0 comments
Labels: security (Security issue: can be an active issue, or related to security hygiene)


g-k commented Mar 20, 2017

HPKP instructs a user agent to bind a site to a specific root certificate authority, intermediate certificate authority, or end-entity public key. This prevents certificate authorities from issuing unauthorized certificates for a given domain that would nevertheless be trusted by the browsers. These fraudulent certificates would allow an active attacker to MitM and impersonate a website, intercepting credentials and other sensitive data.

https://wiki.mozilla.org/Security/Guidelines/Web_Security#HTTP_Public_Key_Pinning

- jvehent added the security label Mar 20, 2017
- ghost added this to the Screenshots in 54 milestone Mar 20, 2017
- ianb assigned ianb and relud and unassigned ianb May 17, 2017
- relud closed this as completed May 19, 2017
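The pinning described in the issue, as an added example that is not part of the issue or the project's code: it computes `pin-sha256` values from SubjectPublicKeyInfo, builds a `Public-Key-Pins` header value per RFC 7469 (refusing to emit one without a backup pin outside the served chain), and checks a presented chain against the pins the way a user agent would. The function names and the locally generated sample keys are assumptions made for illustration.

```javascript
// Added example (not project code): Public-Key-Pins header per RFC 7469.
const crypto = require('node:crypto');

// pin-sha256 = base64(SHA-256(DER-encoded SubjectPublicKeyInfo)).
function spkiPin(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('base64');
}

// Build the header value. A valid policy needs max-age plus at least one
// backup pin that is NOT in the served chain, so that losing or rotating
// the live key does not lock returning visitors out of the site.
function buildHpkpHeader({ chainKeys, backupKeys, maxAge, includeSubDomains = false, reportUri }) {
  if (!Number.isInteger(maxAge) || maxAge <= 0) {
    throw new Error('max-age must be a positive integer');
  }
  const chainPins = chainKeys.map(spkiPin);
  const backupPins = backupKeys.map(spkiPin).filter((p) => !chainPins.includes(p));
  if (chainPins.length === 0) throw new Error('need a pin matching the served chain');
  if (backupPins.length === 0) throw new Error('need a backup pin outside the chain');
  const parts = [...new Set([...chainPins, ...backupPins])].map((p) => `pin-sha256="${p}"`);
  parts.push(`max-age=${maxAge}`);
  if (includeSubDomains) parts.push('includeSubDomains');
  if (reportUri) parts.push(`report-uri="${reportUri}"`);
  return parts.join('; ');
}

// User-agent side: the connection is acceptable only if some key in the
// presented chain hashes to one of the pinned values.
function chainMatchesPins(header, presentedKeys) {
  const pins = [...header.matchAll(/pin-sha256="([^"]+)"/g)].map((m) => m[1]);
  return presentedKeys.some((k) => pins.includes(spkiPin(k)));
}

// Constructed sample key (generated locally, stands in for a certificate's key).
function sampleKey() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }).publicKey;
}
```

A certificate for the same domain issued under a key that is not pinned fails `chainMatchesPins`, which is the mis-issuance case the issue describes.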