On 01/12/16 03:45, Dean Coclin via Public wrote:
> For the past several years we have made a point to communicate to both
> customers and partners that they should avoid hard coding or otherwise
> constraining the CA’s supported by their applications given the
> increasing frequency of changes.
So Symantec advises against key pinning in all circumstances?
Presumably this is publicly documented somewhere on your website that
customers are likely to see?
> In this case it is also explicitly
> called out in our CPS.
Could you give us a reference, please?
Public mailing list