I have noticed that many web sites do not implement HPKP even though it is simple to implement. Is there any downside to it?
- 1 HPKP might be simple, but not always possible. Nor is it clear how to do it on a lot of frameworks. For instance, how do you configure HPKP on Wordpress? – schroeder Apr 10 '17 at 06:11
- 4 https://blog.qualys.com/ssllabs/2016/09/06/is-http-public-key-pinning-dead – void_in Apr 10 '17 at 07:52
2 Answers
With HPKP you can pin a certificate in a certificate chain. This is easy to do, as long as you always use the same certificate provider. For example, if you always have DigiCert certificates, you can pin the DigiCert root certificate and this gives increased security.
But what if DigiCert gets compromised? In that case you need a backup certificate key to create a new certificate, which is also allowed by HPKP. You can choose not to do this, but then when your DigiCert certificate gets revoked your users can't visit your site anymore.
So there are a few downsides to HPKP:
- You need twice the certificates, with multiple certificate authorities.
- You have to store the backup key securely, ready to be used to request a new certificate in case of emergency.
- If you screw up, your site will no longer be accessible by your users for some time.
Unless you have an airtight automated process for this, I would not recommend using HPKP.
Update: Chrome deprecates HPKP, so they also seem to think it doesn't work.
- 1 Um, you pin a key to a domain, not a certificate. (You pin the public key, so you can indeed pin the keys anywhere in the certification chain.) You could implement HPKP without certificates at all (although that is hardly useful in most cases). However, you do NOT need 'twice the certificates', you need twice the amount of keys (not a problem since you can generate them yourself and ahead of time). You do need to store it securely, and if you screw up you can lock out your site. So you need a good procedure to prevent that. – LvB Apr 10 '17 at 11:14
- Thanks @LvB, I thought you needed a backup certificate but actually you need a backup keypair. – Sjoerd Apr 10 '17 at 11:22
HPKP is simple and great as long as you don’t renew your private key. But if you intend to change your private key, you have to declare the new corresponding public key `max-age` before.
It’s not a big issue if you have a short `max-age`, but a short `max-age` makes HPKP somewhat useless.
If you consider your server might be compromised and your private key stolen, you need to have one (or a few) private key(s) available somewhere they are safe, and have the corresponding public keys declared in HPKP. This is feasible, but it requires you to be very rigorous.
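Added example, not code from the question or either answer: it shows in Python what both answers are describing. A pin is the base64 SHA-256 of the DER-encoded SubjectPublicKeyInfo, the header must carry a backup pin alongside the live key, and a new key is only safe to deploy once clients already hold its pin. The Ed25519 SPKI prefix is the fixed DER header from RFC 8410 (used so no crypto library is needed); all key bytes are constructed placeholders, not real keys.

```python
import base64
import hashlib
import re

# DER prefix of an Ed25519 SubjectPublicKeyInfo (RFC 8410): SEQUENCE { AlgorithmIdentifier 1.3.101.112, BIT STRING }.
# Used only so a pin can be computed without a crypto library; the key bytes below are constructed, not real.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")

def spki_from_ed25519_key(raw_key: bytes) -> bytes:
    """Wrap a 32-byte raw Ed25519 public key in the DER SPKI structure that HPKP pins are taken over."""
    if len(raw_key) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    return ED25519_SPKI_PREFIX + raw_key

def pin_sha256(spki_der: bytes) -> str:
    """RFC 7469 pin value: base64 of SHA-256 over the DER-encoded SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

def build_hpkp_header(spki_list, max_age: int, include_subdomains: bool = False) -> str:
    """Build a Public-Key-Pins value; RFC 7469 requires at least two pins so a backup key is always listed."""
    if len(spki_list) < 2:
        raise ValueError("HPKP needs a backup pin: supply the live key and at least one offline backup key")
    directives = ['pin-sha256="%s"' % pin_sha256(s) for s in spki_list]
    directives.append("max-age=%d" % max_age)
    if include_subdomains:
        directives.append("includeSubDomains")
    return "; ".join(directives)

def parse_pins(header: str) -> set:
    """Extract the set of pin-sha256 values a client would remember from a Public-Key-Pins header."""
    return set(re.findall(r'pin-sha256="([^"]+)"', header))

def rotation_is_safe(served_header: str, new_spki: bytes) -> bool:
    """A new key may go live only if clients already hold its pin; otherwise they reject the site until max-age expires."""
    return pin_sha256(new_spki) in parse_pins(served_header)

# Constructed demo keys (placeholders, not real keys): the live key, the offline backup, and a key never pinned.
LIVE_KEY = spki_from_ed25519_key(bytes(range(32)))
BACKUP_KEY = spki_from_ed25519_key(bytes(range(32, 64)))
UNPINNED_KEY = spki_from_ed25519_key(bytes(range(64, 96)))

if __name__ == "__main__":
    header = build_hpkp_header([LIVE_KEY, BACKUP_KEY], max_age=5184000)  # 60 days
    print("Public-Key-Pins:", header)
    print("rotate to backup key:", rotation_is_safe(header, BACKUP_KEY))      # True
    print("rotate to unpinned key:", rotation_is_safe(header, UNPINNED_KEY))  # False
```

The last check is the failure mode the answer above warns about: a key whose pin was never served locks clients out until their cached `max-age` runs out.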