I actually regret HPKP as a header, in some ways. https://tools.ietf.org/html/draft-sheffer-tls-pinning-ticket-01#section-6.1 … is just a disappointing strawman though...
-
-
@__agwa OK, to be fair I think LE's PKI design is bad, for reasons like this and others. I think CA should help declare pinset (lead&roots) -
@__agwa er, int&roots. And pinning isn't zero touch - refresh yearly should be sufficient, however. But ONLY ints or leaves is tres bad
End of conversation
New conversation -
-
-
@sleevi_ It's insidious because breakage will occur without site operator even touching their server config. Solution: also pin EE keys.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.