[ https://issues.apache.org/jira/browse/TS-3216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14364147#comment-14364147 ]
James Peach commented on TS-3216:
---------------------------------

I don't like this approach, for a number of reasons:
- It's based on {{ssl_multicert.config}} configuration, so it is not consistent with HSTS which is based on {{records.config}}.
- It assumes that there is only 1 backup pin, the backup pin is contained in a CSR, and that the CSR is available to ATS. All of these assumptions seem shaky to me.
- There are many HPKP options missing (e.g., {{Public-Key-Pins-Report-Only}}, {{report-url}}) and it's not clear to me that configuring this in {{ssl_multicert.config}} would be a good approach.
- I really would like to avoid adding more knobs to {{ssl_multicert.config}}, since it is way too complex already.

> Add HPKP (Public Key Pinning Extension for HTTP) support
> --------------------------------------------------------
>
> Key: TS-3216
> URL: https://issues.apache.org/jira/browse/TS-3216
> Project: Traffic Server
> Issue Type: New Feature
> Components: SSL
> Reporter: Masaori Koshiba
> Assignee: James Peach
> Labels: review
> Fix For: 5.3.0
>
> Attachments: hpkp-001.patch, hpkp-002.patch
>
>
> Add "Public Key Pinning Extension for HTTP" Support in Traffic Server.
> Public Key Pinning Extension for HTTP (draft-ietf-websec-key-pinning-21)
> - https://tools.ietf.org/html/draft-ietf-websec-key-pinning-21