An attacker compromises a public CA and issues unauthorized X.509 certificates for Company.com. In the future, Company.com wants to mitigate the impact of similar incidents.
Which of the following would assist Company.com with its goal?
A.
Certificate pinning
B.
Certificate stapling
C.
Certificate chaining
D.
Certificate with extended validation
There are scenarios where a bad actor might try to take over a CA and quickly update
the entire PKI for that CA, generating perfectly legal (chain-wise) certificates. To combat
this, a technique called HTTP Public Key Pinning (HPKP) is used. HPKP uses pins,
which are simply stored hashes of the public key that the host machines can compare
against to verify that the public key inside the certificate is the same as anticipated.
5
0