Line 10: (this revision adds the "Feature open issues and risks" field; the other fields are unchanged)

  }}
  {{FeaturePageBody
+ |Feature open issues and risks=Google has had CA pinning for a while; we should talk to them about their experience and any risks/problems with current proposals.
  |Feature overview=As they can require HTTPS connections (via HSTS), sites may want to also restrict the CAs who can issue certificates for their domain to one or a few that they trust. This can be accomplished via a list of certificate fingerprints that are exclusively allowed to act as trust anchors for a given domain. This is like what Chrome has done [http://www.imperialviolet.org/2011/05/04/pinning.html], except we would not be managing a static list of anchors.
  |Feature users and use cases=CA x is compromised and grants a certificate for example.com to an attacker. The owners of example.com have their site pinned to the certificate for CA y, so when the attacker attempts to use the certificate from x, he fails to satisfy the pinning requirement, and thus any users presented with his certificate will not have access to the fraudulent connection.
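The overview and the use case above describe the client-side check in words: after ordinary path validation, the browser compares the fingerprints of the certificates in the presented chain against the set a site has declared as its only acceptable trust anchors. The following Python is an added illustration of that check and is not code from the wiki page or from Mozilla; the DER byte strings are constructed stand-ins for real certificates, the pin store layout (hostname to a set of SHA-256 hex fingerprints) is an assumption, and the function names are hypothetical.

```python
"""Illustration of a per-host trust-anchor pin check (added example, not Mozilla code).

Pinning is evaluated only after the normal certificate path has been built and
validated; it narrows which already-trusted anchors may vouch for a host.
"""
import hashlib
from typing import Dict, List, Set, Tuple

# Constructed stand-ins for DER-encoded certificates. Real pins hash the
# certificate (or its SubjectPublicKeyInfo) bytes; any distinct bytes serve here.
CA_X_DER = b"constructed-der-bytes-for-CA-x"
CA_Y_DER = b"constructed-der-bytes-for-CA-y"
LEAF_FROM_X_DER = b"constructed-leaf-for-example.com-issued-by-CA-x"
LEAF_FROM_Y_DER = b"constructed-leaf-for-example.com-issued-by-CA-y"

# Hypothetical pin store: hostname -> set of fingerprints allowed to act as
# trust anchor for that host. In the design the page describes, the site
# supplies these entries; the browser does not ship a static list.
PinStore = Dict[str, Set[str]]


def fingerprint(der: bytes) -> str:
    """Lowercase hex SHA-256 of a certificate's DER bytes."""
    return hashlib.sha256(der).hexdigest()


def pin_store_for(host: str, anchor_ders: List[bytes]) -> PinStore:
    """Build a pin store that lets only the given anchors vouch for `host`."""
    return {host: {fingerprint(der) for der in anchor_ders}}


def evaluate_pins(host: str, chain: List[bytes], pins: PinStore) -> Tuple[bool, str]:
    """Apply the pinning rule to a validated chain (leaf first, anchor last).

    Returns (accepted, reason). A host with no pins falls back to ordinary
    CA validation, which is assumed to have already succeeded for `chain`.
    """
    pinned = pins.get(host)
    if not pinned:
        return True, "no pins for host; ordinary CA validation applies"
    seen = [fingerprint(cert) for cert in chain]
    for fp in seen:
        if fp in pinned:
            return True, f"chain contains pinned anchor {fp[:16]}..."
    # No certificate in the chain is a pinned anchor: refuse the connection.
    # This is the event a site operator wants surfaced in client telemetry,
    # since it indicates mis-issuance or a misconfigured pin set.
    return False, "pin failure: no certificate in chain matches the host's pins"


def demo() -> Dict[str, bool]:
    """Walk the page's scenario: example.com is pinned to CA y only."""
    pins = pin_store_for("example.com", [CA_Y_DER])
    legit_chain = [LEAF_FROM_Y_DER, CA_Y_DER]        # issued by the pinned CA
    misissued_chain = [LEAF_FROM_X_DER, CA_X_DER]    # issued by compromised CA x
    return {
        "legitimate chain accepted": evaluate_pins("example.com", legit_chain, pins)[0],
        "mis-issued chain rejected": not evaluate_pins("example.com", misissued_chain, pins)[0],
        "unpinned host unaffected": evaluate_pins("other.example", misissued_chain, pins)[0],
    }


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

The check is deliberately applied to the whole chain rather than only to the root: a site may pin an intermediate or its own leaf, and a chain that reaches a trusted root through an unpinned path must still be refused, which is exactly the compromised-CA-x case.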