
When pinning CAs instead of certificates, you’d use CAA instead of HPKP.



CAA isn't restricting acceptance of certs, it's restricting issuance, assuming the attempted issuer is compliant, competent, and that your domain didn't get hijacked.
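The issuance-versus-acceptance distinction in the comment above, as an added example that is not part of the thread: a sketch of the CAA check a compliant CA runs before issuing (following RFC 8659), next to a deliberately simplified client-side check that never looks at CAA. The zone data, CA identifiers and trust store are constructed for illustration.

```python
# Added illustration. All zone data and CA names below are constructed.
ZONE = {  # FQDN -> CAA records as (flags, tag, value)
    "example.com": [(0, "issue", "ca-one.example"), (0, "issuewild", ";")],
    "locked.example.com": [(0, "issue", ";")],
    "odd.example.net": [(128, "futuretag", "x")],  # unknown tag, critical bit set
}
CLIENT_TRUST_STORE = {"ca-one.example", "ca-two.example"}  # hypothetical roots

def relevant_rrset(fqdn, zone):
    """RFC 8659 sec. 3: climb toward the root; the first non-empty CAA set wins."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def ca_may_issue(name, ca_id, zone=ZONE):
    """Issuance-time check a compliant CA runs before signing for `name`."""
    wildcard = name.startswith("*.")
    rrset = relevant_rrset(name[2:] if wildcard else name, zone)
    known = {"issue", "issuewild", "iodef"}
    if any(flags & 128 and tag.lower() not in known for flags, tag, _ in rrset):
        return False  # unrecognized critical property: must not issue
    issue = [v for _, t, v in rrset if t.lower() == "issue"]
    issuewild = [v for _, t, v in rrset if t.lower() == "issuewild"]
    # issuewild, when present, governs wildcard requests; otherwise issue applies.
    props = issuewild if (wildcard and issuewild) else issue
    if not props:
        return True  # no restricting property: CAA does not limit issuance
    # The issuer domain is the part before any ';' parameters; empty matches no CA.
    return any(v.split(";", 1)[0].strip().lower() == ca_id for v in props)

def client_accepts(cert_issuer, trust_store=CLIENT_TRUST_STORE):
    """Simplified client-side validation: only the trust store matters, not CAA."""
    return cert_issuer in trust_store
```

Here `ca_may_issue("www.example.com", "ca-two.example")` is refused, yet `client_accepts("ca-two.example")` still succeeds, so the record only helps when the issuing CA actually performs the check.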


That wouldn’t work, as there’s no differentiator between EV and non-EV.



