Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-36705

HTTP + SSL: support Public Key Pinning (HPKP)

    XMLWordPrintable

    Details

      Description

      ... once sites are using it. As of now (early 2014), nobody is using it, but we should keep an eye on where this is going.

      Use case:
      E.g. Facebook pins one if its intermediate certificates or root certificate for a certain time span, and within that time span, Qt would only accept these certificates. This means that a man-in-the-middle attack with a stolen certificate (like Comodo etc.) would fail.

      Latest draft: http://tools.ietf.org/html/draft-ietf-websec-key-pinning-10

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            Assignee:
            peter-har Peter Hartmann
            Reporter:
            peter-har Peter Hartmann
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Gerrit Reviews

                There are no open Gerrit changes