1. Accidentally publish TLS key on website. 2. Revoke certificate. 3. Get new certificate =WITH SAME KEY=. https://groups.google.com/forum/m/#!topic/mozilla.dev.security.policy/71AXGTgcX9c …
Turns out both happen, like that time Heartbleed compromised millions of keys. Long pinning time = downtime if you need to replace the key.
Besides: you can pin the parent key or the CA if you want to avoid the rogue CA problem.
That's why you should pin backup keys.
What if the key generator is what was broken? Like that other time, when Debian generated millions of broken keys.