Hacker News new | past | comments | ask | show | jobs | submit login

It makes sense to use HPKP to pin to a CA (maybe a CA's intermediate, I can't remember what they let you do) or better, multiple. Depending on your expiration, and what terrible thing happens in the PKI universe, you should probably be able to resolve an issue if you've got multiple independent CAs pinned.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: