Philip McGrath schreef op zo 09-01-2022 om 08:57 [-0500]:
> The part of the deprecation of HPKP that seems most relevant is that
> some number of servers---I suspect it may be a large number---are
> configured under the assumption that no one relies on their using any
> particular public key.
Hi,
On 1/9/22 06:54, Maxime Devos wrote:
Hi,
Philip McGrath schreef op za 08-01-2022 om 11:37 [-0500]:
This sounds like HTTP Public Key Pinning (HPKP).[1] AIUI, HTTP Public
Key Pinning was deprecated, and support has been removed from major
browser engines by January 2020.[2][3][4] While it
imply revert the pin and inform
relevant authorities.
Attacker: ️.
Note that, to do a MITM, the attacker would have to
compromise/corrupt a CA. Public key pinning makes no difference
to the difficulty of compromising the web server. So this attack
would be a
Hi,
On 1/7/22 16:24, Maxime Devos wrote:
The purpose is to resist a compromise of the CA system. More
concretely, if you now do "guix refresh -u minetest-moreores"
then a MITM that compromised a CA cannot secretly replace
minetest-moreores with a mod that mines bitcoin for the MITM,
or
Hi guix-devel,
I coded up the following recently:
[start snip]
;; TODO does this check all the right fields?
(define %pinned-public-keys
'(("content.minetest.net" . #u8(188 216 200 89 188 149 240 145 93 189
114 207 239 50 157 141 57 196 11 102))
("ftp.gnu.org" . #u8(100 133 126 118 117 115
