HTTP Public Key Pinning (PKP) removed from Chrome

Google has announced that HTTP Public Key Pinning will be removed. The removal is planned for May 2018, in Chrome 67.

HTTP Public Key Pinning

Those who do not know what HTTP Public Key Pinning is can read the information here

A known issue with HTTP Public Key Pinning is that it can brick a website, because the pins remain valid for some period once HTTP Public Key Pinning is set up. The problem is worse if the user has downloaded a key that differs from the one in the website's certificate, in which case the user will not be able to access the website.
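
The lockout risk described above, as an added example that is not part of the original post: a Python check of a Public-Key-Pins header value (syntax from RFC 7469) for the conditions that leave returning visitors unable to connect. The function names, the planned_pins input and the sample keys are assumptions made for illustration.

```python
import base64
import hashlib
import re

PIN_RE = re.compile(r'pin-sha256="([A-Za-z0-9+/]{43}=)"')
MAX_AGE_RE = re.compile(r'max-age="?(\d+)"?')

def spki_pin(spki_der: bytes) -> str:
    """RFC 7469 pin: base64 of the SHA-256 of the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def parse_hpkp(header: str):
    """Return (set of pins, max-age in seconds or None) from a header value."""
    match = MAX_AGE_RE.search(header)
    return set(PIN_RE.findall(header)), int(match.group(1)) if match else None

def audit_hpkp(header, chain_pins, planned_pins=()):
    """List the conditions under which this policy can lock visitors out.

    chain_pins: pins of the keys in the chain served today.
    planned_pins: pins of keys the operator intends to rotate to
                  (hypothetical input, not something the header carries).
    """
    pins, max_age = parse_hpkp(header)
    findings = []
    if max_age is None:
        findings.append("max-age missing: required by RFC 7469")
    if not pins & set(chain_pins):
        findings.append("no pin matches the served chain")
    if not pins - set(chain_pins):
        findings.append("no backup pin: losing the current key locks visitors out")
    if planned_pins and not pins & set(planned_pins):
        days = (max_age or 0) // 86400
        findings.append(f"rotation key not pinned: lockout for up to {days} days")
    return findings

# Constructed sample data: placeholder bytes stand in for real SPKI DER.
CURRENT, BACKUP, NEW = (spki_pin(k) for k in (b"current", b"backup", b"new"))
GOOD = f'pin-sha256="{CURRENT}"; pin-sha256="{BACKUP}"; max-age=5184000'
RISKY = f'pin-sha256="{CURRENT}"; max-age=5184000'

if __name__ == "__main__":
    print(audit_hpkp(GOOD, {CURRENT}))
    print(audit_hpkp(RISKY, {CURRENT}, planned_pins={NEW}))
```
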


These issues can be addressed by doing the following:

  • The system administrator or developer needs to make it easier and less dangerous to deploy on the website
  • The developer might also need to monitor the traffic and logs for any malicious code that has been used

Due to lack of technical difficulties and low adoption, Google engineer Chris Palmer has said that

We would like to do this in Chrome 67, which is estimated to be released to Stable on 29 May 2018

Source: Google to Remove Public Key Pinning (PKP) Support in Chrome  and RFC 7469 – Public Key Pinning Extension for HTTP

Author: Wan Ariff

He brings with him working experience in the Information Security field, specializing in Penetration Testing and Digital Forensics. His passion is mostly for IT Security.
