Bug 59754 - support HPKP (Public-Key-Pins) Header
Summary: support HPKP (Public-Key-Pins) Header
Status: RESOLVED DUPLICATE of bug 59179
Alias: None
Product: Tomcat 9
Classification: Unclassified
Component: Connectors
Version: unspecified
Hardware: PC Linux
Importance: P2 enhancement
Target Milestone: -----
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-25 09:10 UTC by Ralf Hauser
Modified: 2016-06-29 17:25 UTC
Description Ralf Hauser 2016-06-25 09:10:10 UTC
see https://scotthelme.co.uk/hpkp-http-public-key-pinning/


maybe the HttpHeaderSecurityFilter of bug 58735 can be used for this

see also bug 58548
Comment 1 Christopher Schultz 2016-06-28 20:11:03 UTC
I remember hearing about this.

I have no objection to anyone else working on this, but it's a terrible design: it's trying to solve the problem of not using DNSSEC by essentially re-implementing DNSSEC with the notable problem of being trust-on-first-use (TOFU). So it's completely useless from a security perspective. You can still be owned: you just have to be owned early.
Comment 2 Mark Thomas 2016-06-29 17:25:55 UTC

*** This bug has been marked as a duplicate of bug 59179 ***