5

1. Question:
Does HTTP Public-Key-Pinning (HPKP) really improve security?
A MITM (e.g. NSA) could intercept the first request to a server and respond with a "faked" certificate, signed by a compromised CA.
So HPKP only improves security if the initial connection to a server has not been tampered with, and if you are 100% sure, that you initially connected to the correct server.
Correct?

2. Question:
The Public-Key-Pins header needs to include at least two hashes of two distinct certificates, one serving as a "backup" certificate.
Does that mean that I have to buy two different certificates from two different CAs?
That would be rather expensive. Shouldn't a CA offer you to sign two certificates for the same domain if you buy one?
Security shouldn't come at a price, everyone should be able to build a secure service.

Florian Schneider
  • 320
  • 2
  • 15
  • 1
    I'm voting to close this question as off-topic because it is not about programming. security.stackexchange.com is more suitable for this kind of question. – Steffen Ullrich Mar 07 '15 at 09:32

2 Answers2

6

1. yes

2. HPKP is not related to the certificate itself. Like the name tells you it is about the public key.

To get a certificate you will create a certificate request using your private key. Your public key is stored within the certificate you get from the CA. That public key is then compared with the one the browser got by a previous request in the pinning header.

With your response you will deliver the public key of that private key and another public key of a private backup key.

t.niese
  • 39,256
  • 9
  • 74
  • 101
  • 1
    @FlorianSchneider I suggest to read this [Tim Taubert: HTTP PUBLIC-KEY-PINNING EXPLAINED](https://timtaubert.de/blog/2014/10/http-public-key-pinning-explained/) – t.niese Mar 07 '15 at 09:35
-4

One comment about the second question.

Actually yes you will have to buy at least 2 certificates in order to pin the cert fingerprint into the client browser. The backup cert must not be stored on the production computer. You will only need its fingerprint.

Fingerprint is computed on certificates. Then a CA also has a fingerprint. 

openssl x509 -noout -in /etc/ssl/certs/DigiCert_Global_Root_CA.pem -fingerprint -sha256
Michael Vergoz
  • 75
  • 1
  • 3
  • 1
    This answer is wrong, you only have to buy ONE certificate! But you need TWO private keys for pinning. One Pin is for the private key you are using for the current certificate and the other Pin is the backup pin of the backup private key. In case you current certificate has to be renewed or replaced you have to use the backup private key to request a new certificate and also create a new backup private key for the hpkp... – Oops D'oh Sep 07 '15 at 20:28
  • Almost right, the pin is made using a hash of public key. Thanks – Michael Vergoz May 16 '19 at 05:18