Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Can HPKP be used in persistent denial-of-service (DoS) attack on web sites? SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Can HPKP be used in persistent denial-of-service (DoS) attack on web sites?
security.stackexchange.com/questions/93191/…

From the page:

"HTTP Public Key Pinning (HPKP) is a standard that allows a HTTPS website to specify which certificates it trusts, and instruct the browser not to allow any connection to that site that's secured by any other certificate."

In this page, someone asks if HPKP can be used to facilitate a persistent DoS attack on a website. Some interesting discussion in the question and the comments.
Brad

348 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!