HTTP Public Key Pinning (HPKP) support
I wonder if you support HPKP. If not, it would be awesome if you’d add support.
E.g. Posteo supports it, and it can be easily implemented as it is just an HTTP header. However, the result is a huge security improvement, making MITM attacks much more difficult.
Here is more information about HPKP:
BTW, here is Android’s doc about how to do key pinning in general:
You could even allow such manual key pinning by letting users enter the cert hash, or, as said, just support HPKP, where this is done automatically.
@rugk The mentioned pinning method is to pin certain certificates which are built into the app. It won’t help in the DAVdroid use case.
@rfc2822 Hmm, okay… Too bad.