
Vulnerable Pre-saved Secondary Key for HPKP

Posted Nov 27, 2015 18:06 UTC (Fri) by mathstuf (subscriber, #69389)
In reply to: Vulerable Pre-saved Secondary Key for HPKP by gerv
Parent article: Changes in the TLS certificate ecosystem, part 2

Hmm. If both go bad at different times within a window, will a user be locked out as well? Are clients supposed to refresh their pins if the key used is changed?



Vulnerable Pre-saved Secondary Key for HPKP

Posted Nov 27, 2015 18:09 UTC (Fri) by gerv (guest, #3376) [Link]

A CA intermediate compromise is a very rare event. That's another reason to pin to one. But yes, I believe clients are supposed to accept any new pinsets sent on a connection which validated with the old pinset.
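The following is an added example, not part of either comment above or of any real client: a small Python model of the RFC 7469 pin-update rule discussed in this thread, replaying two clients against a site that rotates keys twice inside one max-age window. The class and function names, the host `example.test`, the key bytes and the time units are all constructed assumptions.

```python
import base64
import hashlib

def spki_pin(spki: bytes) -> str:
    """RFC 7469 pin value: base64(SHA-256(SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki).digest()).decode()

class PinStore:
    """Pin cache of a hypothetical HPKP client (names are assumptions)."""
    def __init__(self):
        self.hosts = {}  # host -> (pinset, expiry time)

    def connect(self, host, chain_pins, header_pins, max_age, now):
        """Return True if the connection is accepted, False on pin failure."""
        known = self.hosts.get(host)
        if known and now < known[1] and not (known[0] & chain_pins):
            return False  # old pinset not satisfied: the new header is never read
        # A new pinset is noted only if it matches this chain and also
        # carries a backup pin for a key that is not in the chain.
        if (header_pins & chain_pins) and (header_pins - chain_pins):
            if max_age == 0:
                self.hosts.pop(host, None)
            else:
                self.hosts[host] = (set(header_pins), now + max_age)
        return True

# Constructed sample keys; real pins are computed over DER-encoded SPKI bytes.
A, B, C, D = (spki_pin(k) for k in (b"key-A", b"key-B", b"key-C", b"key-D"))
# (start time, pins in the served chain, pins in the header); max-age is 100.
SCHEDULE = [(0, {A}, {A, B}), (10, {B}, {B, C}), (20, {C}, {C, D})]

def simulate(visit_times):
    """Replay one client's visits against the rotation schedule."""
    store, results = PinStore(), []
    for t in visit_times:
        _, chain, header = [s for s in SCHEDULE if s[0] <= t][-1]
        results.append(store.connect("example.test", chain, header, 100, t))
    return results

if __name__ == "__main__":
    print(simulate([0, 15, 25]))   # client that returns between rotations
    print(simulate([0, 25, 101]))  # client that misses the middle rotation
```

The client that visits between the two rotations picks up each new pinset and is never locked out; the one that misses the middle rotation is refused until its cached pins expire.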

