[cabfpub] Notes of meeting, CA/Browser Forum, Gjøvik, Norway, 26-28 June 2012
Gervase Markham
gerv at mozilla.org
Wed Jul 11 09:18:57 UTC 2012
On 11/07/12 01:23, Chris Palmer wrote:
> 2. Key roll-over: In my draft, you can pin as many keys as you want,
> and clients will accept any of them when performing pin validation.
> (In fact, you currently *have to* assert a "back-up" pin, but I am
> probably going to remove that requirement.)
Please don't remove it. Compulsory backup pins is a great idea. It
raises the barrier to using pinning, which will exclude people who will
shoot themselves in the foot by locking their customers out of their
domain, which will give the technology a bad name and have it labelled
as "risky" by site owners.
Gerv
More information about the Public
mailing list