On Thu, Jul 10, 2014 at 5:45 AM, Yury Leonychev
<[email protected]> wrote:
> Seems that I'm not alone in my searches
> https://code.google.com/p/android/issues/detail?id=30870
>
> On Thursday, June 19, 2014, 12:06:56 UTC+4, Yury Leonychev wrote:

I've been kind of waiting for that feature too.

Related: Chris Palmer and Ryan Sleevi just released the latest
revision of Public Key Pinning Extension for HTTP
(draft-ietf-websec-key-pinning-19). It has provisions for backup keys,
too. See Backup Pins in Section 4.3.

Jeff

>> As we all know, application signing is one of the main security features
>> for protecting application infrastructure in Android. If we have a huge set of
>> apps and thousands of users, key compromise is a really big problem. We
>> couldn't update all applications installed on a user's device at one moment. It
>> means that we'll break app communications inside the device, because some
>> packages will have the compromised signature, and others will have a new one.
>> I believe that somebody knows the right sequence of actions for replacing
>> a compromised private key. I'll be glad to hear any ideas and suggestions.
