As I mentioned at the session today, UTA WG members might be interested
in our draft on Ticket Pinning, which is an alternative to HPKP (the
certificate pinning RFC that has only seen weak adoption). Our solution
is much easier to automate, and therefore drastically reduces the risk
of a server being "bricked" because of a human error, which we believe
has been the main reason hurting HPKP adoption. Possibly more relevant
for this group: ticket pinning is at the TLS layer, and does not depend
on HTTP. So it could apply to SMTP or IMAP for example.
The draft is here [1] but you can just browse the slides instead [2].
If people are interested in identity pinning for non-web applications,
please respond privately to Daniel Migault and myself.
Thanks,
Yaron
[1] https://datatracker.ietf.org/doc/draft-sheffer-tls-pinning-ticket/
[2] https://www.ietf.org/proceedings/97/slides/slides-97-tls-ticket-pinning-00.pdf
_______________________________________________
Uta mailing list
https://www.ietf.org/mailman/listinfo/uta