by roastedpeacock
694 days ago
> Key pinning also can be done independently of the protocol; the SSH client does that, and it is helpful, but it isn't something that necessarily needs the SSH protocol in order to work.

While it was not entirely perfect, Google threw in the towel with HPKP and they do not seem to want to reopen the debate. All the meanwhile they utilize static pinning for their own properties in Chromium [1] and 'secure' domain registration (MarkMonitor) that is very difficult to obtain when not a large corporation. Leaving the rest of us as fine pickings against those who can hijack domains and obtain a CA-issued certificate to conduct MiTM attacks.

[1] https://source.chromium.org/chromium/chromium/src/+/main:net...