|
|
|
|
|
|
by pfg
3219 days ago
|
|
|
I had to double-check the RFC on this. The OP suggested pinning to "current CA + current pubkey", which would technically count as two pins and satisfy a simple "you'll need at least two pins" requirement. Luckily, the RFC authors realized that someone would try this and wrote it as "The given set of Pins contains at least one Pin that does NOT refer to an SPKI in the certificate chain.", meaning this pin would get rejected. |
|
|