This repository has been archived by the owner on Oct 6, 2021. It is now read-only.

Optional HPKP headers #34

Closed
paragonie-scott opened this issue Jun 18, 2016 · 2 comments

Comments

@paragonie-scott
Member

Although HPKP can be a self-DoS foot-gun if you have to revoke a key (since your users will reject any unpinned keys), we should allow people to specify HPKP headers in the cabin configuration.

Draft Requirements:

  • Require at least two sha256 fingerprints. One for the current certificate, and at least one backup public key.
  • Clearly document the use-case of this feature and how to generate the sha256 fingerprints.
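
The two draft requirements above, as an added example (not code from this project or from HPKP-Builder): a pin is the base64 of the SHA-256 digest of the key's DER-encoded SubjectPublicKeyInfo (RFC 7469), and the header is refused unless it carries at least two distinct pins. The function names, the sample keys and the `max-age` value are assumptions made for illustration.

```python
import base64
import hashlib

# Constructed sample keys: the fixed 12-byte DER prefix of an Ed25519
# SubjectPublicKeyInfo followed by 32 made-up key bytes (not real keys).
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")
CURRENT_SPKI = ED25519_SPKI_PREFIX + bytes(range(32))
BACKUP_SPKI = ED25519_SPKI_PREFIX + bytes(range(32, 64))


def spki_pin(spki_der: bytes) -> str:
    """RFC 7469 pin: base64 of SHA-256 over the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def build_hpkp_header(pins, max_age, include_subdomains=False):
    """Return (name, value) for a Public-Key-Pins header, or raise ValueError."""
    distinct = {}  # decoded digest -> pin text, so re-encoded duplicates collapse
    for pin in pins:
        try:
            raw = base64.b64decode(pin, validate=True)
        except ValueError as exc:  # binascii.Error is a ValueError subclass
            raise ValueError(f"pin is not valid base64: {pin!r}") from exc
        if len(raw) != hashlib.sha256().digest_size:
            raise ValueError(f"pin is not a SHA-256 digest: {pin!r}")
        distinct.setdefault(raw, pin)
    # Draft requirement from the issue: current key plus at least one backup.
    if len(distinct) < 2:
        raise ValueError("need at least two distinct pins (current + backup)")
    if not isinstance(max_age, int) or max_age <= 0:
        raise ValueError("max_age must be a positive number of seconds")
    parts = [f'pin-sha256="{p}"' for p in distinct.values()]
    parts.append(f"max-age={max_age}")
    if include_subdomains:
        parts.append("includeSubDomains")
    return "Public-Key-Pins", "; ".join(parts)


if __name__ == "__main__":
    pins = [spki_pin(CURRENT_SPKI), spki_pin(BACKUP_SPKI)]
    # 5184000 seconds (60 days) is a constructed sample value.
    print(": ".join(build_hpkp_header(pins, max_age=5184000)))
```

The backup pin only protects against the self-DoS case if its private key is kept offline and is not part of the currently served certificate chain.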

@paragonie-scott
Member Author

These will be built with HPKP-Builder.

@paragonie-scott
Member Author

ca30fcb This is implemented.
