There is HPKP (HTTP Public Key Pinning), which servers use to tell the client's web browser which certificates to trust (in the future) for the domain that is being contacted.
Google's Chrome and Mozilla's Firefox bring their own lists of websites that are pinned to certain certificates. (Google calls an entry in this list "a pinset".)
How can I add certificate pinning for other domains to my web browser (e.g. Firefox)?
Is there a reason why there is no option to "Pin this certificate to this URI" when viewing the details of a certificate in a web browser? Would it undermine the concept of CAs, or is it just not implemented?
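For reference, an added example that is not part of the original question: a sketch of how a client handles the `Public-Key-Pins` header defined for HPKP in RFC 7469, where each pin is the base64 SHA-256 of a certificate's DER-encoded SubjectPublicKeyInfo. The function names are hypothetical, the SPKI byte strings are constructed placeholders rather than real keys, and the parser assumes no `;` inside quoted directive values.

```python
import base64
import hashlib

def spki_pin(spki_der: bytes) -> str:
    """pin-sha256 value: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

def parse_pkp_header(value: str) -> dict:
    """Split a Public-Key-Pins header value into pins and directives."""
    policy = {"pins": set(), "max_age": None, "include_subdomains": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "pin-sha256" and arg:
            policy["pins"].add(arg)
        elif name == "max-age" and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy

def should_note_pins(policy: dict, chain_pins: set) -> bool:
    """RFC 7469 checks before a client stores the pins: max-age present,
    one pin matching the validated chain, and one backup pin outside it."""
    if policy["max_age"] is None:
        return False
    return bool(policy["pins"] & chain_pins) and bool(policy["pins"] - chain_pins)

def connection_allowed(noted_pins: set, chain_pins: set) -> bool:
    """Later connections must present at least one pinned key in the chain."""
    return bool(noted_pins & chain_pins)

# Constructed stand-ins for DER-encoded SPKI blobs (not real keys).
LEAF, INTERMEDIATE = b"constructed-leaf-spki", b"constructed-intermediate-spki"
BACKUP, UNEXPECTED = b"constructed-backup-spki", b"constructed-other-ca-spki"

def demo():
    header = 'pin-sha256="%s"; pin-sha256="%s"; max-age=5184000; includeSubDomains' % (
        spki_pin(INTERMEDIATE), spki_pin(BACKUP))
    policy = parse_pkp_header(header)
    chain = {spki_pin(LEAF), spki_pin(INTERMEDIATE)}
    other_chain = {spki_pin(LEAF), spki_pin(UNEXPECTED)}  # chain from a different CA
    return (should_note_pins(policy, chain),
            connection_allowed(policy["pins"], chain),
            connection_allowed(policy["pins"], other_chain))

if __name__ == "__main__":
    print(demo())
```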