Public Key Pinning Extension for HTTP
暂无分享,去创建一个
This document defines a new HTTP header that allows web host operators
to instruct user agents to remember ("pin") the hosts'
cryptographic identities over a period of time. During that time, user
agents (UAs) will require that the host presents a certificate chain
including at least one Subject Public Key Info structure whose
fingerprint matches one of the pinned fingerprints for that host. By
effectively reducing the number of trusted authorities who can
authenticate the domain during the lifetime of the pin, pinning may
reduce the incidence of man-in-the-middle attacks due to compromised
Certification Authorities.
[1] Moxie Marlinspike,et al. Trust Assertions for Certificate Keys , 2013 .