by kkl
3526 days ago
This is a common theme in this thread but I'll re-state it here: Web browsers cannot reliably distinguish between a configuration mistake and an attack. For this reason, I think hard HPKP fails are a good thing. For those who opt-in to HPKP, this is a risk one takes in exchange for greater control over certificate validation.