Google has developed the public key pinning concept that will debut in Chrome version 13 for most Google Internet properties (e.g., https://www.google.com).
Public key pinning means that a certification authority public key is white-listed in the browser for a specific domain or set of domains. The white-listed public key is referred to as an HTTPS pin. If none of the certificates in the chain presented by a protected website matches a pin, the browser raises an error and the requested page is not displayed.
The idea is that Google knows who it has authorized to issue its SSL certificates. If a certificate is found to be issued by another CA – even a legitimate publicly trusted CA – then the certificate will not be trusted. The result is that an unsuspecting browsing party will not be compromised with the help of a fraudulent SSL certificate.
Potential incompatibility issues with corporate man-in-the-middle (MITM) proxies, parental controls and debugging tools have been addressed by allowing user-installed CA certificates to override the pins.
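To make the mechanism described above concrete, here is an added, self-contained Go example (not Chrome's or Google's code). It builds two throwaway CAs, pins the public key of the "authorized" one as a SHA-256 hash of its SubjectPublicKeyInfo (the pin form assumed here), and then runs the browser-side check against a chain from the authorized CA, a chain from another otherwise-trusted CA, and that same chain when the root is treated as user-installed, which is the override case from the preceding paragraph. The host name www.example.com and the CA names are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// spkiPin returns the base64-encoded SHA-256 of the certificate's
// SubjectPublicKeyInfo. This is the pin form assumed by the example.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// checkPins models the browser-side decision: a chain is accepted only if at
// least one certificate in it carries a pinned public key. A chain anchored in
// a root the user installed locally bypasses the check (corporate proxies,
// parental controls, debugging tools).
func checkPins(chain []*x509.Certificate, pins map[string]bool, userInstalledRoot bool) bool {
	if userInstalledRoot {
		return true
	}
	for _, c := range chain {
		if pins[spkiPin(c)] {
			return true
		}
	}
	return false
}

// mkCert creates a P-256 certificate for the demonstration. With parent == nil
// it is a self-signed CA; otherwise it is a server certificate signed by parent.
func mkCert(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	signer := key
	if parent == nil { // self-signed CA
		parent = tmpl
		tmpl.IsCA = true
		tmpl.BasicConstraintsValid = true
		tmpl.KeyUsage = x509.KeyUsageCertSign
	} else { // end-entity server certificate
		signer = parentKey
		tmpl.DNSNames = []string{name}
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Result holds the pin-check outcome for the three scenarios.
type Result struct{ Authorized, OtherCA, UserOverride bool }

// Scenario pins the authorized CA's key and evaluates three chains for host.
func Scenario(host string) (Result, error) {
	authCA, authKey, err := mkCert("Authorized CA (constructed)", nil, nil)
	if err != nil {
		return Result{}, err
	}
	otherCA, otherKey, err := mkCert("Other Public CA (constructed)", nil, nil)
	if err != nil {
		return Result{}, err
	}
	pins := map[string]bool{spkiPin(authCA): true} // the site's HTTPS pin set
	good, _, err := mkCert(host, authCA, authKey)
	if err != nil {
		return Result{}, err
	}
	bad, _, err := mkCert(host, otherCA, otherKey) // valid, but from an unpinned CA
	if err != nil {
		return Result{}, err
	}
	return Result{
		Authorized:   checkPins([]*x509.Certificate{good, authCA}, pins, false),
		OtherCA:      checkPins([]*x509.Certificate{bad, otherCA}, pins, false),
		UserOverride: checkPins([]*x509.Certificate{bad, otherCA}, pins, true),
	}, nil
}

func main() {
	r, err := Scenario("www.example.com")
	if err != nil {
		panic(err)
	}
	fmt.Printf("authorized CA accepted: %v\n", r.Authorized)
	fmt.Printf("other trusted CA accepted: %v\n", r.OtherCA)
	fmt.Printf("other CA, user-installed root: %v\n", r.UserOverride)
}
```

The second chain is perfectly valid under ordinary path validation; only the pin set rejects it, which is the whole point of pinning. The third call shows why the user-installed-root exception matters operationally: it is the same rejected chain, accepted solely because the trust anchor came from the local machine rather than the browser's built-in store.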
Google appears to be open to offering pinning to other large, high-security websites. For others, the expectation is that pinning will be available through HTTP Strict Transport Security (HSTS). We’ll have to wait and see if other browsers will support Public Key Pinning as well.