TACK, for pinning.


A proposal for a dynamically activated public key pinning framework that provides a layer of indirection away from Certificate Authorities, but is fully backwards compatible with existing CA certificates, and doesn't require sites to modify their existing certificate chains.

Read Internet Draft »

Flexible, Simple, Secure

Designed to be easy to incorporate into existing TLS servers and clients, with keys that are simple to manage.


The Internet Draft

We've submitted an Internet Draft to the IETF with TACK's technical details.

Check it out »

The code

We've written some reference TACK implementations for OpenSSL, Apache, and tlslite, as well as the command-line tools necessary to generate and manage TACK keys.

Start hacking »

The project list

We have a mailing list for discussing TACK development.

Join up »

The test server

We have a test server running Apache that supports TACK, which you can visit with your browser.

Test it »