Details
- Type: Task
- Status: Closed
- Priority: P4: Low
- Resolution: Out of scope
- Affects Version/s: None
- Fix Version/s: Some future release
- Component/s: Network: HTTP, Network: SSL
- Labels:
Description
... once sites are using it. As of now (early 2014), nobody is using it, but we should keep an eye on where this is going.
Use case:
E.g. Facebook pins one of its intermediate certificates or root certificate for a certain time span, and within that time span, Qt would only accept these certificates. This means that a man-in-the-middle attack with a stolen certificate (like Comodo etc.) would fail.
Latest draft: http://tools.ietf.org/html/draft-ietf-websec-key-pinning-10
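
The use case above as an added example, not part of the original ticket and not Qt code: a client-side pin check that accepts only chains containing a pinned key while the pin's time span is running. It assumes the `Public-Key-Pins` header syntax of RFC 7469 (the published form of the draft linked above), that ordinary chain validation has already succeeded, and uses hypothetical function names with constructed byte strings in place of real SubjectPublicKeyInfo data.

```python
import base64
import hashlib

def spki_pin(spki_der: bytes) -> str:
    """pin-sha256 value: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def parse_pins(header: str, now: float) -> dict:
    """Parse a Public-Key-Pins header value into a pin set and an expiry time."""
    pins, max_age = set(), None
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")  # base64 '=' padding stays in value
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "pin-sha256":
            pins.add(value)
        elif name == "max-age" and value.isdigit():
            max_age = int(value)
    if not pins or max_age is None:
        raise ValueError("need at least one pin-sha256 and a max-age")
    return {"pins": pins, "expires": now + max_age}

def chain_allowed(policy, chain_spkis, now: float) -> bool:
    """Pin check, run after ordinary chain validation has already succeeded."""
    if policy is None or now >= policy["expires"]:
        return True  # no pin noted, or the pinned time span is over
    return any(spki_pin(spki) in policy["pins"] for spki in chain_spkis)

# Constructed stand-ins for DER SubjectPublicKeyInfo blobs (not real keys).
SITE_LEAF, SITE_INTERMEDIATE, SITE_ROOT = b"leaf-spki", b"intermediate-spki", b"root-spki"
OTHER_CA_LEAF, OTHER_CA_ROOT = b"rogue-leaf-spki", b"other-ca-root-spki"

# The site pins its intermediate for 60 days (constructed header value).
HEADER = f'pin-sha256="{spki_pin(SITE_INTERMEDIATE)}"; max-age=5184000; includeSubDomains'

def demo(now: float = 1_400_000_000.0) -> dict:
    policy = parse_pins(HEADER, now)
    genuine = [SITE_LEAF, SITE_INTERMEDIATE, SITE_ROOT]
    other_ca = [OTHER_CA_LEAF, OTHER_CA_ROOT]  # valid chain, but from an unpinned CA
    return {
        "genuine": chain_allowed(policy, genuine, now + 3600),
        "other_ca": chain_allowed(policy, other_ca, now + 3600),
        "other_ca_after_expiry": chain_allowed(policy, other_ca, now + 5184000),
    }

if __name__ == "__main__":
    print(demo())
```

The third result shows the limit of the time span: once `max-age` has elapsed without a refreshed header, the client falls back to ordinary validation and the other CA's chain is accepted again.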