A proposal for a dynamically activated public key pinning framework that provides a layer of indirection away from Certificate Authorities, but is fully backwards compatible with existing CA certificates, and doesn't require sites to modify their existing certificate chains.

Flexible, Simple, Secure

Designed to be easy to incorporate into existing TLS servers and clients, with keys that are simple to manage.

The Internet Draft We've submitted an Internet Draft to the IETF with TACK's technical details. Check it out »

The code We've written some reference TACK implementations for OpenSSL, Apache, and tlslite, as well as the command-line tools necessary to generate and manage TACK keys. Start hacking »

The project list We have a mailing list for discussing TACK development. Join up »