Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Can HPKP be used in persistent denial-of-service (DoS) attack on web sites? - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Can HPKP be used in persistent denial-of-service (DoS) attack on web sites?
security.stackexchange.com/questions/93191/…

From the page:

"HTTP Public Key Pinning (HPKP) is a standard that allows a HTTPS website to specify which certificates it trusts, and instruct the browser not to allow any connection to that site that's secured by any other certificate."

In this page, someone asks if HPKP can be used to facilitate a persistent DoS attack on a website. Some interesting discussion in the question and the comments.
Brad

335 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!