|
|
|
|
|
|
by mirages
3354 days ago
|
|
|
Instead of the cert key pinning as it's easy to obtain an SSL cert (with LE) coudn't we imagine that as banks do own EV certificates that the browser remembers them. In case the browser sees a new non-EV certificate on a site that was previously EV-certed then it throws an error/warning ? |
|
|