[QTBUG-36705] HTTP + SSL: support Public Key Pinning (HPKP) - Qt Bug Tracker

XML

Word

Printable

Details

Type: Task
Status: Closed
Priority: P4: Low
Resolution: Out of scope
Affects Version/s: None
Fix Version/s: Some future release
Component/s: Network: HTTP, Network: SSL
Labels:
- BlackBerry10

Description

... once sites are using it. As of now (early 2014), nobody is using it, but we should keep an eye on where this is going.

Use case:
E.g. Facebook pins one if its intermediate certificates or root certificate for a certain time span, and within that time span, Qt would only accept these certificates. This means that a man-in-the-middle attack with a stolen certificate (like Comodo etc.) would fail.

Latest draft: http://tools.ietf.org/html/draft-ietf-websec-key-pinning-10

Attachments

Options
- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

Gerrit Reviews

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Peter Hartmann

Reporter:: Peter Hartmann

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 07 Feb '14 10:01

Updated:: 16 Apr '20 06:28

Resolved:: 16 Apr '20 06:28

Gerrit Reviews

There are no open Gerrit changes