Potential problems arising from use of the technology include a so-called RansomPKP attack. In this breach scenario an attacker would gain control of a targeted site via a server compromise or a domain hijack before enabling HPKP headers for malicious ends.
When your visitors go to your site they pick up the malicious HPKP header set by the bad guys.
At some point you then fix the problem and take back control of your site except now, none of the browsers will connect because of the HPKP policy they picked up from the bad guys.
via
https://scotthelme.co.uk/im-giving-up-on-hpkp/
https://www.theregister.co.uk/2017/08/25/hpkp_crypto_criticism/
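A defender-side check for the scenario quoted above, added here as an example and not taken from the linked articles: it parses a `Public-Key-Pins` header value observed on your own site and flags a policy whose pins match none of the keys you hold. The function names, finding labels and pin values are assumptions; the pins are constructed from labels, not from real keys.

```python
import base64
import hashlib
import re

# Matches one directive: a name, optionally followed by a quoted or bare value.
_DIRECTIVE = re.compile(r'\s*([\w-]+)\s*(?:=\s*(?:"([^"]*)"|([^;]*)))?\s*(?:;|$)')

def constructed_pin(label):
    """Stand-in for base64(SHA-256(SPKI)); built from a label, not a real key."""
    return base64.b64encode(hashlib.sha256(label.encode()).digest()).decode()

def parse_hpkp(value):
    """Parse a Public-Key-Pins header value into pins, max-age and scope."""
    policy = {"pins": set(), "max_age": None, "include_subdomains": False}
    for name, quoted, bare in _DIRECTIVE.findall(value):
        name, val = name.lower(), (quoted or bare).strip()
        if name == "pin-sha256":
            policy["pins"].add(val)
        elif name == "max-age" and val.isdigit():
            policy["max_age"] = int(val)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy

def audit_hpkp(value, operator_pins):
    """Return findings for a header observed on a site the operator runs."""
    if value is None:
        return []  # no policy served, nothing for browsers to cache
    policy = parse_hpkp(value)
    findings = []
    if not operator_pins:
        findings.append("unexpected-header")      # site never deployed HPKP
    if policy["pins"] and not policy["pins"] & operator_pins:
        findings.append("no-operator-held-pin")   # visitors would be locked out
    if policy["max_age"]:
        findings.append("cached-for-%d-days" % (policy["max_age"] // 86400))
    return findings

# Constructed sample data: the operator's pin set and two observed header values.
OURS = {constructed_pin("operator-key"), constructed_pin("operator-backup-key")}
FOREIGN = 'pin-sha256="%s"; pin-sha256="%s"; max-age=5184000; includeSubDomains' % (
    constructed_pin("unknown-key-1"), constructed_pin("unknown-key-2"))
OWN = 'pin-sha256="%s"; pin-sha256="%s"; max-age=86400' % tuple(sorted(OURS))

if __name__ == "__main__":
    print(audit_hpkp(FOREIGN, OURS))
    print(audit_hpkp(OWN, OURS))
```

Run against the response headers of every hostname you serve, a `no-operator-held-pin` or `unexpected-header` finding is the signal to investigate before more browsers cache the policy.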
Comments
Google is phasing out PKP starting in 2018:
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/he9tr7p3…