On 15/05/16 10:22, Yoav Nir wrote:
> That’s interesting. With HPKP you can pin keys from existing
> certificates, or keys that are not (yet) in certificates.
> One of the early deployment scenarios (which got de-emphasized later
> on) was that you include two pins: your current production key and a
> spare key that you will certify if something bad happens to the
> production key (like the private key leaking out).

Hi Yoav,
I had assumed this *is* the main deployment scenario. If it was
de-emphasized, what do you consider as the "classic" HPKP usage scenario?
Thanks,
Yaron
_______________________________________________
websec mailing list
https://www.ietf.org/mailman/listinfo/websec
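
Added example, not part of the original thread or of either author's code: a check that a `Public-Key-Pins` header carries both a pin for a key in the served chain and a spare pin outside it, the two-pin scenario discussed above. The SPKI byte strings are constructed stand-ins for DER SubjectPublicKeyInfo, and the function names are hypothetical.

```python
import base64
import hashlib

# Constructed stand-ins for DER SubjectPublicKeyInfo bytes (not real keys).
PRODUCTION_SPKI = b"constructed-production-spki"
SPARE_SPKI = b"constructed-spare-spki"  # spare key, not yet in any certificate

def spki_pin(spki_der):
    """pin-sha256 value: base64 of SHA-256 over the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

def build_header(spkis, max_age=5184000):
    """Build a Public-Key-Pins header value pinning every key in spkis."""
    pins = "; ".join('pin-sha256="%s"' % spki_pin(s) for s in spkis)
    return "%s; max-age=%d" % (pins, max_age)

def parse_pkp(header):
    """Split a header value into (list of pins, max-age or None)."""
    pins, max_age = [], None
    for directive in header.split(";"):
        # Partition on the first "=" only: base64 padding also contains "=".
        name, _, value = directive.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "pin-sha256":
            pins.append(value)
        elif name == "max-age" and value.isdigit():
            max_age = int(value)
    return pins, max_age

def check_policy(header, chain_spkis):
    """Return a list of problems; an empty list means the policy is usable."""
    pins, max_age = parse_pkp(header)
    chain_pins = {spki_pin(s) for s in chain_spkis}
    problems = []
    if max_age is None:
        problems.append("missing max-age")
    if not any(p in chain_pins for p in pins):
        problems.append("no pin matches a key in the served chain")
    if not any(p not in chain_pins for p in pins):
        problems.append("no backup pin outside the served chain")
    return problems
```

The same two-pin header stays valid after the spare key is certified and deployed, because the spare then matches the chain and the old production pin becomes the one outside it.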