<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <br>
    On 12/18/2013 11:32 PM, From Ryan Sleevi:
    <blockquote
cite="mid:CACvaWvbHjw1=Q7X3mabXT+TNtyJqeNQByFe79YHmm4DAWxUstQ@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div class="gmail_extra"><br>
          <br>
          <div class="gmail_quote">On Wed, Dec 18, 2013 at 1:23 PM, Eddy
            Nigg (StartCom Ltd.) <span dir="ltr">&lt;<a
                moz-do-not-send="true"
                href="mailto:eddy_nigg@startcom.org" target="_blank">eddy_nigg@startcom.org</a>&gt;</span>
            wrote:<br>
            <blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
              <div bgcolor="#FFFFFF" text="#000000"> <br>
                On 12/18/2013 10:14 PM, From Ryan Sleevi:
                <blockquote type="cite">
                  <div class="im">
                    <p dir="ltr"> > How did you arrive at that sum?
                      Pinning shouldn't really cost anything once the
                      code is in the browsers. I also assume that code
                      changes for CT wouldn't be any cheaper than that.</p>
                  </div>
                  <p dir="ltr">Pinning is NOT just a knob you turn. It
                    carries huge operational risks to realize the
                    preventative guarantees.</p>
                </blockquote>
                <br>
                Are we talking about the same thing here?</div>
            </blockquote>
            <div><br>
            </div>
            <div>Absolutely.</div>
            <div><br>
            </div>
            <div>If you haven't followed the IETF discussions about
              pinning, I absolutely encourage you to do so. </div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
    Sadly I don't have much time for IETF discussions, but...<br>
    <br>
    <blockquote
cite="mid:CACvaWvbHjw1=Q7X3mabXT+TNtyJqeNQByFe79YHmm4DAWxUstQ@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div class="gmail_extra">
          <div class="gmail_quote">
            <div>The pinning draft itself is careful to spell out that
              there are non-trivial risks aplenty with pinning, BUT it
              can provide *preventative* mitigation.<br>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
    WHAT? By pinning I understand pinning a particular certificate to a
    particular host name in the browser. Is this what you are talking
    about?<br>
    <br>
    <br>
    <div class="moz-signature">
      <table border="0" cellpadding="0" cellspacing="0">
        <tbody>
          <tr>
            <td colspan="2">Regards </td>
          </tr>
          <tr>
            <td colspan="2"> </td>
          </tr>
          <tr>
            <td>Signer: </td>
            <td>Eddy Nigg, COO/CTO</td>
          </tr>
          <tr>
            <td> </td>
            <td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
          </tr>
          <tr>
            <td>XMPP: </td>
            <td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
          </tr>
          <tr>
            <td>Blog: </td>
            <td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
          </tr>
          <tr>
            <td>Twitter: </td>
            <td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
          </tr>
          <tr>
            <td colspan="2"> </td>
          </tr>
        </tbody>
      </table>
    </div>
    <br>
  </body>
</html>