> > I would consider signify keys printed on CDs and copied across several > > web sites safer than trusting the hundreds of CA certs shipped with a > > standard web browser. > > Didn't we just established that with HPKP you can disregard the CA > completely? At least if you trust your fist access to the site. But I > think this thread followed its course, lets move on.
Xombrero does that by caching certs ;) I'd hardly call it disregarding the CA myself, makes it sound much more progressive than it is! -- KISSIS - Keep It Simple So It's Securable
