IETF Logo Mail Archive

[websec] I-D Action: draft-ietf-websec-key-pinning-01.txt

internet-drafts@ietf.org Fri, 09 December 2011 20:14 UTC

Return-Path: <internet-drafts@ietf.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE6D021F893C; Fri, 9 Dec 2011 12:14:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.578
X-Spam-Level:
X-Spam-Status: No, score=-102.578 tagged_above=-999 required=5 tests=[AWL=0.021, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MnLRu+4AJ6bd; Fri, 9 Dec 2011 12:14:51 -0800 (PST)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5464121F8880; Fri, 9 Dec 2011 12:14:51 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 3.64
Message-ID: <20111209201451.6282.3929.idtracker@ietfa.amsl.com>
Date: Fri, 09 Dec 2011 12:14:51 -0800
Cc: websec@ietf.org
Subject: [websec] I-D Action: draft-ietf-websec-key-pinning-01.txt
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Dec 2011 20:14:52 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Security Working Group of the IETF.

	Title           : Public Key Pinning Extension for HTTP
	Author(s)       : Chris Evans
                          Chris Palmer
	Filename        : draft-ietf-websec-key-pinning-01.txt
	Pages           : 16
	Date            : 2011-12-09

   This memo describes an extension to the HTTP protocol allowing web
   host operators to instruct user agents (UAs) to remember ("pin") the
   hosts' cryptographic identities for a given period of time.  During
   that time, UAs will require that the host present a certificate chain
   including at least one Subject Public Key Info structure whose
   fingerprint matches one or more of the pinned fingerprints for that
   host.  By effectively reducing the scope of authorities who can
   authenticate the domain during the lifetime of the pin, pinning may
   reduce the incidence of man-in-the-middle attacks due to compromised
   Certification Authorities and other authentication errors and
   attacks.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-websec-key-pinning-01.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-websec-key-pinning-01.txt

v2.23.0 | Report a Bug | By Email