Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-36705

HTTP + SSL: support Public Key Pinning (HPKP)

XMLWordPrintable

      ... once sites are using it. As of now (early 2014), nobody is using it, but we should keep an eye on where this is going.

      Use case:
      E.g. Facebook pins one if its intermediate certificates or root certificate for a certain time span, and within that time span, Qt would only accept these certificates. This means that a man-in-the-middle attack with a stolen certificate (like Comodo etc.) would fail.

      Latest draft: http://tools.ietf.org/html/draft-ietf-websec-key-pinning-10

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            peter-har Peter Hartmann
            peter-har Peter Hartmann
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:

                There are no open Gerrit changes