hsts and hpkp in the wild

hsts impressed me when I had to do a tls upgrade unexpectedly; that's a great thing to configure, although preload as a syntax option is best removed and is counterintuitive.

But hpkp (my blog) still baffles me. hpkp is a waste of time: although I have 'valid' hpkp, I still have no hpkp backup key, and the report uri thing also remains a mystery to me – is it a form in html, a cgi script or something else?

Specifically, problems seem to exist with primary and backup keys: it (if you hairy eyeball the documentation) appears to be done with pin-sha256="base64+primary=="; and +backup, but I can't verify that, although it could be rfc right.

report uri is also a mystery to most; they just do the hashes, so I guess they also gave up on it, however it is supposed to work – I reckon a cgi-like form is used.

The higher mysteries of hpkp will remain here in the zoo
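The header syntax and the report uri mechanism discussed above, as an added example that is not the blog author's code: per RFC 7469 a pin is the base64 SHA-256 of a key's SubjectPublicKeyInfo, the primary and backup pins are two `pin-sha256` directives in one header, and the report-uri is an endpoint that receives a JSON POST from the browser. The SPKI byte strings, the `example.test` URL and all function names are constructed for illustration.

```python
import base64, hashlib, json, re

def spki_pin(spki_der: bytes) -> str:
    """RFC 7469 pin value: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def build_hpkp(primary, backup, max_age, report_uri=None):
    """Public-Key-Pins header value with a primary and a backup pin."""
    if primary == backup:
        raise ValueError("backup pin must be a different key than the primary")
    parts = [f'pin-sha256="{primary}"', f'pin-sha256="{backup}"',
             f"max-age={max_age}"]
    if report_uri:
        parts.append(f'report-uri="{report_uri}"')
    return "; ".join(parts)

def parse_hpkp(value):
    """Parse a header value; reject it without two distinct pins and max-age."""
    pins = re.findall(r'pin-sha256="([A-Za-z0-9+/]{43}=)"', value, re.I)
    age = re.search(r'(?:^|;)\s*max-age=(\d+)', value, re.I)
    uri = re.search(r'report-uri="([^"]*)"', value, re.I)
    if len(set(pins)) < 2 or age is None:
        raise ValueError("need two distinct pins (primary + backup) and max-age")
    return {"pins": pins, "max_age": int(age.group(1)),
            "report_uri": uri.group(1) if uri else None}

def handle_report(body: bytes, policy):
    """What a report-uri endpoint receives: a JSON document, not form fields."""
    report = json.loads(body)
    missing = {"hostname", "known-pins", "served-certificate-chain"} - report.keys()
    if missing:
        raise ValueError(f"not an HPKP report, missing {sorted(missing)}")
    current = {f'pin-sha256="{p}"' for p in policy["pins"]}
    stale = [p for p in report["known-pins"] if p not in current]
    return {"host": report["hostname"], "pins_not_in_current_policy": stale}

# Constructed stand-ins for the DER SPKI of the live key and the offline backup key.
PRIMARY = spki_pin(b"constructed SPKI bytes of the live key")
BACKUP = spki_pin(b"constructed SPKI bytes of the offline backup key")
HEADER = build_hpkp(PRIMARY, BACKUP, 5184000, "https://example.test/hpkp-report")

if __name__ == "__main__":
    print("Public-Key-Pins:", HEADER)
    print(parse_hpkp(HEADER))
```
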

2 responses

  1. Pingback: a hsts gotcha with a iffy bios | Bananas in the Falklands

  2. Pingback: Letsencrypt finally figured out (meh) | Bananas in the Falklands
