Re: [websec] #50: Handing of pinning DSA public keys
#50: Handing of pinning DSA public keys Changes (by palmer@…): * owner: draft-ietf-websec-key-pinning@… = palmer@… * status: new = assigned -- -+--- Reporter: Tom Ritter | Owner: palmer@… Type: defect | Status: assigned Priority: major| Milestone: Component: key-pinning | Version: Severity: -| Resolution: Keywords: | -+--- Ticket URL: http://trac.tools.ietf.org/wg/websec/trac/ticket/50#comment:1 websec http://tools.ietf.org/websec/ ___ websec mailing list websec@ietf.org https://www.ietf.org/mailman/listinfo/websec
[websec] #53: Clarify status of pin validation when used with private trust anchors
#53: Clarify status of pin validation when used with private trust anchors Clarify in the I-D whether and how, when a the server's certificate chain chains up to a private trust anchor (as opposed to a publicly-trusted one such as in Mozilla's or Microsoft's root CA programs), the UA should perform pin validation. Options: * If anchor is private, do not perform pin validation * Always perform pin validation, presumably always failing when trust anchor is private * If anchor is private, validate against a database of private pins; ** If there is no DB of private pins, do not perform pin validation ** If there is no DB of private pins, perform pin validation anyway (presumably always failing) * Other options? Currently, Google Chrome opts to not perform pin validation when the trust anchor is private. -- -+-- Reporter: palmer@… | Owner: palmer@… Type: defect | Status: new Priority: major| Milestone: Component: key-pinning |Version: Severity: -| Keywords: -+-- Ticket URL: http://trac.tools.ietf.org/wg/websec/trac/ticket/53 websec http://tools.ietf.org/websec/ ___ websec mailing list websec@ietf.org https://www.ietf.org/mailman/listinfo/websec
Re: [websec] #53: Clarify status of pin validation when used with private trust anchors
#53: Clarify status of pin validation when used with private trust anchors Changes (by palmer@…): * status: new = assigned -- -+--- Reporter: palmer@… | Owner: palmer@… Type: defect | Status: assigned Priority: major| Milestone: Component: key-pinning | Version: Severity: -| Resolution: Keywords: | -+--- Ticket URL: http://trac.tools.ietf.org/wg/websec/trac/ticket/53#comment:1 websec http://tools.ietf.org/websec/ ___ websec mailing list websec@ietf.org https://www.ietf.org/mailman/listinfo/websec