HPKP Reports, the ultimate protection
With HPKP you can protect yourself from threats in the PKI ecosystem
HTTP Public Key Pinning is a controversial mechanism that gives site operators an incredibly powerful defense. With the ability to 'pin' public keys you can protect yourself from rogue certificates issued by a hostile CA.
The mechanism is controversial though. With such a huge amount of power, and an equal amount of complexity in deploying it, many sites have struggled to get it right and talk of deprecation is circulating. Chrome already removed support for the HTTP header in January 2019.
HPKP serves a very specific purpose: to protect the host against mis-issued or 'rogue' certificates. Even a CA acting in concert with an attacker can't issue a certificate that will be trusted by the browser when presented with a valid HPKP policy.
Enabling HPKP Reports
Whilst enabling HPKP is easy (you simply return the HTTP response header 'public-key-pins'), knowing which values to pin and why can be extremely difficult.
Pinning at the leaf, intermediate or root level offers varying degrees of protection and difficulty in maintaining the policy. Understanding whether you should pin at all, which level to pin at and why, is a task for those with extensive experience in the Web PKI.
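The sketch below is an added example, not Report URI's code: it lints an enforcing 'public-key-pins' value before deployment, using the directive names from RFC 7469 (`pin-sha256`, `max-age`, `report-uri`) and that RFC's rule that a policy needs one pin in the served chain plus a backup pin outside it. The SPKI byte strings, the `reports.example` URL and all function names are constructed for illustration, and the parser assumes no `;` appears inside a directive value.

```python
import base64
import hashlib

def spki_pin(spki_der: bytes) -> str:
    """RFC 7469 pin value: base64 of SHA-256 over the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def parse_hpkp(value: str) -> dict:
    """Split a Public-Key-Pins header value into its directives."""
    policy = {"pins": [], "max_age": None, "report_uri": None}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")  # first '=' only: pins end in '=' padding
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "pin-sha256":
            policy["pins"].append(arg)
        elif name == "max-age" and arg.isdecimal():
            policy["max_age"] = int(arg)
        elif name == "report-uri":
            policy["report_uri"] = arg
    return policy

def is_sha256_pin(pin: str) -> bool:
    try:
        return len(base64.b64decode(pin, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def lint_hpkp(value: str, chain_pins: set) -> list:
    """List problems with an enforcing policy, given the pins of the served chain."""
    policy, problems = parse_hpkp(value), []
    pins = set(policy["pins"])
    if policy["max_age"] is None:
        problems.append("max-age missing")
    if any(not is_sha256_pin(p) for p in pins):
        problems.append("malformed pin")
    if not pins & chain_pins:
        problems.append("no pin matches the served chain")
    if not pins - chain_pins:
        problems.append("no backup pin outside the served chain")
    if policy["report_uri"] is None:
        problems.append("no report-uri")
    return problems

# Constructed stand-ins for DER SubjectPublicKeyInfo bytes (not real keys).
LEAF, INTERMEDIATE, BACKUP = (spki_pin(b) for b in (b"leaf-spki", b"intermediate-spki", b"backup-spki"))
CHAIN = {LEAF, INTERMEDIATE}
GOOD = (f'pin-sha256="{INTERMEDIATE}"; pin-sha256="{BACKUP}"; max-age=86400; '
        'report-uri="https://reports.example/hpkp"')
NO_BACKUP = f'pin-sha256="{LEAF}"; pin-sha256="{INTERMEDIATE}"; max-age=86400'
```

`lint_hpkp(GOOD, CHAIN)` returns an empty list, while `NO_BACKUP` pins only keys already in the chain and is flagged for the missing backup pin and the missing report-uri.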
We can tailor a package to your exact requirements with custom usage, billing and SLA. You need an enterprise account if you're looking for any of the following features. Just get in touch!
- Managed/Dedicated Instance
- Geographic Hosting/Processing
- Custom or Unlimited Usage
Award Winning Service
SC Awards Europe Judges
Best Emerging Technology 2018
"This is a completely new source of information that sites can use to better protect themselves and their visitors"