UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF RFC 7469

Public Key Pinning Extension for HTTP

active, Most Current
Buy Now
Organization: IETF
Publication Date: 1 April 2015
Status: active
Page Count: 28
scope:

This document defines a new HTTP header that allows web host operators to instruct user agents to remember ("pin") the hosts' cryptographic identities over a period of time. During that time, user agents (UAs) will require that the host presents a certificate chain including at least one Subject Public Key Info structure whose fingerprint matches one of the pinned fingerprints for that host. By effectively reducing the number of trusted authorities who can authenticate the domain during the lifetime of the pin, pinning may reduce the incidence of man-in-the-middle attacks due to compromised Certification Authorities.

Document History

IETF RFC 7469
April 1, 2015
Public Key Pinning Extension for HTTP
This document defines a new HTTP header that allows web host operators to instruct user agents to remember ("pin") the hosts' cryptographic identities over a period of time. During that time, user...

References

This document references:
IETF RFC 3339 - Date and Time on the Internet: Timestamps
Published by IETF on July 1, 2002
This document defines a date and time format for use in Internet protocols that is a profile of the ISO 8601 standard for representation of dates and times using the Gregorian calendar.
This document references:
IETF RFC 4648 - The Base16, Base32, and Base64 Data Encodings
Published by IETF on October 1, 2006
This document describes the commonly used base 64, base 32, and base 16 encoding schemes. It also discusses the use of line-feeds in encoded data, use of padding in encoded data, use of non-alphabet...
This document is referenced by:
IETF RFC 7711 - PKIX over Secure HTTP (POSH)
Published by IETF on November 1, 2015
Experience has shown that it is difficult to deploy proper PKIX certificates for Transport Layer Security (TLS) in multi-tenanted environments. As a result, domains hosted in such environments often...
This document is referenced by:
IETF RFC 7838 - HTTP Alternative Services
Published by IETF on April 1, 2016
This document specifies "Alternative Services" for HTTP, which allow an origin’s resources to be authoritatively available at a separate network location, possibly accessed with a different protocol...
This document is referenced by:
IETF RFC 8155 - Traversal Using Relays around NAT (TURN) Server Auto Discovery
Published by IETF on April 1, 2017
Current Traversal Using Relays around NAT (TURN) server discovery mechanisms are relatively static and limited to explicit configuration. These are usually under the administrative control of the...
View Less
View All
Advertisement