Use of HTTPS among top sites is growing, but weirdly so is deprecated HTTP public key pinning

Found on The Register on Tuesday, 27 February 2018

"The most surprising thing is probably the strong growth in HPKP [HTTP public key pinning], a technology being abandoned by many and soon Google Chrome too," Helme told El Reg.

Experts including Helme and Ivan Ristic have criticised the technology as being both tricky to apply and potentially calamitous, if incorrectly set up.

HPKP has always been a risky and very dangerous idea that should not have made it past a concept status. Most likely, those so-called webmasters are faced with requests for more security and just use some copy&paste code from random howto-pages to implement what they consider an important feature without understanding its possible consequences.