
What is "Static Public Key Pinning"?

Question asked by j-mailor on Mar 24, 2017
Latest reply on Mar 25, 2017 by j-mailor

Hi,

I see that on dev.ssllabs.com a new feature, "Static Public Key Pinning", has been added. I see Google has implemented "Static Public Key Pinning" on at least one of its servers [1].

I know what "Public Key Pinning (HPKP)" [2],[3] is; I implemented it on one of my web servers. But on dev.ssllabs.com I see the new feature "Static Public Key Pinning". I have searched the web and the only reference I have found is the following web page [4], but it is too technical for me to understand.

Can you please:

a) explain in a few words what "Static Public Key Pinning" is,

b) how it compares to / differs from "Public Key Pinning (HPKP)",

c) whether both "Static Public Key Pinning" and "Public Key Pinning (HPKP)" can be implemented on the same web server,

d) what the pros and cons of implementing "Static Public Key Pinning" are,

e) when "Public Key Pinning" is suggested to be implemented and when "Static Public Key Pinning".

Maybe I have even given enough questions for an article on this topic, perhaps when this is implemented on the production server www.ssllabs.com.


Sources:

[1] https://dev.ssllabs.com/ssltest/analyze.html?d=www.google.com&s=172.217.8.164&hideResults=on
[2] https://scotthelme.co.uk/hpkp-http-public-key-pinning/
[3] https://scotthelme.co.uk/guidance-on-setting-up-hpkp/
[4] https://scholarworks.iu.edu/dspace/bitstream/handle/2022/21039/PKI-ASAF-design-docs.pdf?sequence=4


Thanks
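The following is an added example, not code from the poster or from SSL Labs, showing the mechanics behind the "Public Key Pinning (HPKP)" the poster says they deployed: how a pin-sha256 value is derived (base64 of the SHA-256 of the DER-encoded SubjectPublicKeyInfo, per RFC 7469), how a client parses the Public-Key-Pins header, the backup-pin rule a user agent applies before noting the pins, and the chain check itself. The byte strings used as keys are constructed placeholders standing in for real DER SPKI blobs; in practice you would feed in the SPKI extracted from the certificate. The same `chain_matches_pins` check applies whether the pins came from a header or from a pin list built into the client, which is the sense in which a preloaded list and HPKP share the matching step.

```python
"""HPKP (RFC 7469) pin computation and validation, demonstrated with stdlib only."""
import base64
import hashlib
import re
from typing import Iterable, List, Set

# Constructed sample inputs: stand-ins for DER-encoded SubjectPublicKeyInfo blobs.
# Real pins are computed over the SPKI taken from the certificate, not over text.
LEAF_SPKI = b"constructed leaf SubjectPublicKeyInfo"
INTERMEDIATE_SPKI = b"constructed intermediate SubjectPublicKeyInfo"
BACKUP_SPKI = b"constructed offline backup key SubjectPublicKeyInfo"
ROGUE_SPKI = b"constructed mis-issued certificate SubjectPublicKeyInfo"

SERVED_CHAIN: List[bytes] = [LEAF_SPKI, INTERMEDIATE_SPKI]

_PIN_RE = re.compile(r'pin-sha256="([A-Za-z0-9+/=]+)"')


def spki_pin_sha256(spki_der: bytes) -> str:
    """pin-sha256 value: base64(SHA-256(DER SubjectPublicKeyInfo)). Always 44 chars."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def build_hpkp_header(pin_spkis: Iterable[bytes], max_age: int,
                      include_subdomains: bool = False) -> str:
    """Server side: assemble a Public-Key-Pins header value from the SPKIs to pin."""
    parts = ['pin-sha256="%s"' % spki_pin_sha256(s) for s in pin_spkis]
    parts.append("max-age=%d" % max_age)
    if include_subdomains:
        parts.append("includeSubDomains")
    return "; ".join(parts)


def parse_hpkp_header(header_value: str) -> dict:
    """Client side: extract pins, max-age and includeSubDomains from the header value."""
    pins = set(_PIN_RE.findall(header_value))
    max_age = None
    include_subdomains = False
    for directive in header_value.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            max_age = int(value.strip().strip('"'))
        elif name == "includesubdomains":
            include_subdomains = True
    return {"pins": pins, "max_age": max_age, "include_subdomains": include_subdomains}


def chain_matches_pins(pins: Set[str], chain_spkis: Iterable[bytes]) -> bool:
    """RFC 7469 §2.6: the connection is accepted if ANY SPKI in the validated
    chain matches ANY known pin. Works for header-supplied or preloaded pins."""
    return any(spki_pin_sha256(s) in pins for s in chain_spkis)


def header_is_noteworthy(parsed: dict, chain_spkis: Iterable[bytes]) -> bool:
    """RFC 7469 §2.5: a user agent notes the pins only if max-age is present,
    at least one pin matches the served chain, and at least one pin does NOT
    (the backup pin, so a lost key does not brick the site)."""
    chain_pins = {spki_pin_sha256(s) for s in chain_spkis}
    pins = parsed["pins"]
    return (parsed["max_age"] is not None
            and bool(pins & chain_pins)
            and bool(pins - chain_pins))


if __name__ == "__main__":
    header = build_hpkp_header([LEAF_SPKI, BACKUP_SPKI], 5184000, True)
    print("Public-Key-Pins:", header)
    parsed = parse_hpkp_header(header)
    print("noted by UA:", header_is_noteworthy(parsed, SERVED_CHAIN))
    print("rogue chain accepted:", chain_matches_pins(parsed["pins"], [ROGUE_SPKI, INTERMEDIATE_SPKI]))
    print("rotated-to-backup chain accepted:", chain_matches_pins(parsed["pins"], [BACKUP_SPKI, INTERMEDIATE_SPKI]))
```

Note that pinning only the leaf (as here) means a rotation to any key other than the pinned backup is rejected by every client that has noted the pins for the remaining max-age; pinning an intermediate or root SPKI instead trades that rigidity for trusting everything that CA issues.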
