Opened 6 years ago

Closed 3 years ago

#1413 closed enhancement (wontfix)

public key pinning for our sites

Reported by: killyourtv Owned by: Eche|on
Priority: minor Milestone:
Component: www/i2p Version: 0.9.16
Keywords: Cc:
Parent Tickets: Sensitive: no


As suggested by Anarchos on IRC it may be worthwhile have our certs pinned by Mozilla and/or any other browsers.


Change History (5)

comment:1 Changed 6 years ago by zzz

Somewhat related proposal for pseudo-pinning of our reseed hosts: http://zzz.i2p/topics/1752

comment:2 Changed 5 years ago by str4d

Status: newopen

comment:3 Changed 3 years ago by Eche|on

Owner: set to Eche|on
Status: openassigned

comment:4 Changed 3 years ago by Eche|on

Certificate pinning is mostly obsolete.
It will be removed from chrome in 2018, also IE/Edge does not support it at all.
New one is:

comment:5 Changed 3 years ago by zzz

Resolution: wontfix
Status: assignedclosed

agreed. Also dangerous. See 'suicide by pinning'

Note: See TracTickets for help on using tickets.