[cabfpub] Notes of meeting, CA/Browser Forum, Gjøvik, Norway, 26-28 June 2012

Gervase Markham gerv at mozilla.org
Wed Jul 11 09:18:57 UTC 2012

On 11/07/12 01:23, Chris Palmer wrote:
> 2. Key roll-over: In my draft, you can pin as many keys as you want,
> and clients will accept any of them when performing pin validation.
> (In fact, you currently *have to* assert a "back-up" pin, but I am
> probably going to remove that requirement.)

Please don't remove it. Compulsory backup pins is a great idea. It
raises the barrier to using pinning, which will exclude people who will
shoot themselves in the foot by locking their customers out of their
domain, which will give the technology a bad name and have it labelled
as "risky" by site owners.
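
The following is an added illustration, not part of the original message or of the draft under discussion. It shows the two behaviours the thread describes: validation accepts any pinned key, and a pin set is refused unless it includes a backup pin. It assumes pins are SHA-256 digests of key bytes and that a backup pin is one matching no key in the currently presented chain; all function names and key bytes are constructed.

```python
import hashlib


def fingerprint(public_key):
    """Pin value for a key: hex SHA-256 of its bytes (assumed encoding)."""
    return hashlib.sha256(public_key).hexdigest()


def chain_matches_pins(chain_keys, pins):
    """Pin validation: accept if ANY key in the presented chain is pinned."""
    return any(fingerprint(k) in pins for k in chain_keys)


def accept_pin_set(chain_keys, pins):
    """Decide whether a client should store the pin set a site asserts.

    Returns (accepted, reason). Assumed rules: at least one pin must match
    the current chain, and at least one pin must match nothing in it
    (the compulsory backup pin).
    """
    pins = set(pins)
    chain_fps = {fingerprint(k) for k in chain_keys}
    if not pins & chain_fps:
        return False, "no pin matches the current chain"
    if not pins - chain_fps:
        return False, "no backup pin"
    return True, "ok"


# Constructed key material standing in for real public keys.
LIVE_KEY = b"constructed-live-key"
BACKUP_KEY = b"constructed-backup-key-kept-offline"
CA_KEY = b"constructed-issuing-ca-key"


def rollover_demo():
    """Compare a site that pinned a backup key with one that did not."""
    old_chain = [LIVE_KEY, CA_KEY]
    new_chain = [BACKUP_KEY, CA_KEY]  # chain after the live key is replaced
    with_backup = {fingerprint(LIVE_KEY), fingerprint(BACKUP_KEY)}
    single_pin = {fingerprint(LIVE_KEY)}
    return {
        "stored_with_backup": accept_pin_set(old_chain, with_backup),
        "stored_single_pin": accept_pin_set(old_chain, single_pin),
        "rollover_with_backup": chain_matches_pins(new_chain, with_backup),
        # What would happen if a client had stored the single pin anyway:
        "rollover_single_pin": chain_matches_pins(new_chain, single_pin),
    }
```

The last entry is the lock-out case: a client holding only the live key's pin rejects the site once that key is replaced, which is what the backup-pin check prevents at the time the pins are stored.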

