On Fri, 17 Mar 2017 09:52:54 +0100 Gunnar Haslinger <[email protected]> wrote:
> Sure, but that needs time and a solid understanding of HPKP and/or > TLSA for preparing a new Keypair (and/or new Backup-Keypair), deploy I said this before, I'll say it again: If you don't have a solid understanding of HPKP then *don't use it ever*. Don't even think about it. Your chances of making your page unavailable are extremely high. HPKP is a nice feature, but it absolutely requires a solid understanding and a good plan to avoid its pitfalls. If you're not capable of having a good keyrolover plan then you shouldn't deploy HPKP. -- Hanno Böck https://hboeck.de/ mail/jabber: [email protected] GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 _______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
