Opened 4 years ago

Closed 15 months ago

#1413 closed enhancement (wontfix)

public key pinning for our sites

Reported by: killyourtv Owned by: echelon
Priority: minor Milestone:
Component: www/i2p Version: 0.9.16
Keywords: Cc:
Parent Tickets:

Description

As suggested by Anarchos on IRC it may be worthwhile have our certs pinned by Mozilla and/or any other browsers.

https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning

Subtickets

Change History (5)

comment:1 Changed 4 years ago by zzz

Somewhat related proposal for pseudo-pinning of our reseed hosts: http://zzz.i2p/topics/1752

comment:2 Changed 3 years ago by str4d

  • Status changed from new to open

comment:3 Changed 15 months ago by echelon

  • Owner set to echelon
  • Status changed from open to assigned

comment:4 Changed 15 months ago by echelon

Certificate pinning is mostly obsolete.

https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
It will be removed from chrome in 2018, also IE/Edge does not support it at all.
New one is:
https://en.wikipedia.org/wiki/Certificate_Transparency

comment:5 Changed 15 months ago by zzz

  • Resolution set to wontfix
  • Status changed from assigned to closed

agreed. Also dangerous. See 'suicide by pinning'

Note: See TracTickets for help on using tickets.