{"draft":"draft-ietf-websec-key-pinning-21","doc_id":"RFC7469","title":"Public Key Pinning Extension for HTTP","authors":["C. Evans","C. Palmer","R. Sleevi"],"format":["ASCII","HTML"],"page_count":"28","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Web Security","abstract":"This document defines a new HTTP header that allows web host operators to instruct user agents to remember (\"pin\") the hosts' cryptographic identities over a period of time. During that time, user agents (UAs) will require that the host presents a certificate chain including at least one Subject Public Key Info structure whose fingerprint matches one of the pinned fingerprints for that host. By effectively reducing the number of trusted authorities who can authenticate the domain during the lifetime of the pin, pinning may reduce the incidence of man-in-the-middle attacks due to compromised Certification Authorities.","pub_date":"April 2015","keywords":["pin"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC7469","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc7469"}
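Worked example of the mechanism the abstract describes, added by the editor; it is not code from RFC 7469 or from any user agent. It computes a pin the way the RFC defines it (base64 of the SHA-256 of the DER-encoded SubjectPublicKeyInfo, not of the certificate), parses a Public-Key-Pins field value, and applies the two checks a UA performs: pin validation (some SPKI in the served chain hashes to a pinned value) and the noting rule (the header carries a pin that matches the chain and at least one backup pin that does not, which RFC 7469 requires so that a key rotation cannot lock the site out). The Ed25519 SPKI prefix is the standard DER encoding from RFC 8410, chosen so the example needs no crypto library; the key bytes, header value and `https://example.com/hpkp` report URI are constructed for the example.

```python
"""Added example for the HPKP mechanism in the RFC 7469 abstract (editor's code,
not from the RFC or any UA; key material and header value are constructed)."""
import base64
import hashlib
import re

# DER SubjectPublicKeyInfo prefix for an Ed25519 key (RFC 8410); 32 key bytes follow.
# RFC 7469 hashes the DER SPKI and nothing else, so this is all a pin needs.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")


def spki_from_ed25519(raw_key: bytes) -> bytes:
    """Wrap 32 raw Ed25519 public-key bytes in a DER SubjectPublicKeyInfo."""
    if len(raw_key) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    return ED25519_SPKI_PREFIX + raw_key


def pin_sha256(spki_der: bytes) -> str:
    """RFC 7469 pin value: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


# One directive: a name, optionally '=' and either a quoted-string or a token.
_DIRECTIVE = re.compile(r'\s*([A-Za-z0-9-]+)\s*(?:=\s*(?:"([^"]*)"|([^;\s"]+)))?\s*')


def parse_pkp_header(value: str) -> dict:
    """Parse a Public-Key-Pins field value.

    Raises ValueError for a malformed pin or a missing/invalid max-age (RFC 7469
    makes max-age mandatory); a UA ignores such a header instead of storing
    anything from it. Directives it does not recognise are skipped.
    """
    out = {"pins": set(), "max_age": None, "include_subdomains": False, "report_uri": None}
    for part in value.split(";"):
        if not part.strip():
            continue
        m = _DIRECTIVE.fullmatch(part)
        if m is None:
            raise ValueError(f"malformed directive: {part!r}")
        name = m.group(1).lower()
        val = m.group(2) if m.group(2) is not None else m.group(3)
        if name == "pin-sha256":
            if val is None or len(base64.b64decode(val, validate=True)) != 32:
                raise ValueError(f"pin-sha256 must be base64 of a 32-byte digest: {val!r}")
            out["pins"].add(val)
        elif name == "max-age":
            if val is None or not val.isdigit():
                raise ValueError("max-age must be a non-negative integer")
            out["max_age"] = int(val)
        elif name == "includesubdomains":
            out["include_subdomains"] = True
        elif name == "report-uri":
            out["report_uri"] = val
    if out["max_age"] is None:
        raise ValueError("max-age is required in Public-Key-Pins")
    return out


def chain_matches(pins: set, chain_spkis: list) -> bool:
    """Pin validation: some SPKI anywhere in the served chain hashes to a pinned value."""
    return any(pin_sha256(spki) in pins for spki in chain_spkis)


def should_note_pins(parsed: dict, chain_spkis: list) -> bool:
    """Noting rule: store the pins only if one matches the served chain and at
    least one backup pin matches nothing in that chain."""
    chain_pins = {pin_sha256(spki) for spki in chain_spkis}
    matched = parsed["pins"] & chain_pins
    backup = parsed["pins"] - chain_pins
    return bool(matched) and bool(backup)


def demo() -> dict:
    """Run the scenario end to end with constructed keys and return the outcomes."""
    # Constructed key material: fixed bytes stand in for real public keys.
    leaf = spki_from_ed25519(bytes([0x11]) * 32)
    intermediate = spki_from_ed25519(bytes([0x22]) * 32)
    backup = spki_from_ed25519(bytes([0x33]) * 32)     # kept offline, never served
    mitm_leaf = spki_from_ed25519(bytes([0x44]) * 32)  # leaf from a compromised CA

    header = (f'pin-sha256="{pin_sha256(leaf)}"; pin-sha256="{pin_sha256(backup)}"; '
              'max-age=5184000; includeSubDomains; report-uri="https://example.com/hpkp"')
    parsed = parse_pkp_header(header)
    served_chain = [leaf, intermediate]
    return {
        "noted": should_note_pins(parsed, served_chain),
        "legit_chain_ok": chain_matches(parsed["pins"], served_chain),
        # The rogue chain may validate against the CA store, but no pinned SPKI is in it.
        "mitm_chain_ok": chain_matches(parsed["pins"], [mitm_leaf, intermediate]),
        "max_age": parsed["max_age"],
    }


if __name__ == "__main__":
    print(demo())
```

The two checks are deliberately separate: `chain_matches` is what runs on every later connection during `max-age`, while `should_note_pins` runs only when a header arrives, and a header with a single matching pin and no backup is discarded rather than stored.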