Attackers often compromise a Certificate Authority (CA). They then use mis-issued or fraudulent certificates to impersonate a legitimate server and steal sensitive data transferred over a TLS connection. HTTP Public Key Pinning (HPKP) is used to address this problem. But what is HTTP Public Key Pinning, and how does it work? How is it implemented, and is it still used?
In this article, we will discuss the following:
- What is HTTP Public Key Pinning (HPKP), and why do we need it?
- How does HTTP Public Key Pinning work?
- How is HTTP Public Key Pinning implemented?
- Is HTTP Public Key Pinning still used?