Y
Hacker News
new
|
ask
|
show
|
jobs
by
sandij
2827 days ago
When pinning CAs instead of certificates, you’d use CAA instead of HPKP.
2 comments
toast0
2827 days ago
CAA isn't restricting acceptance of certs, it's restricting issuance, assuming the attempted issuer is compliant, competent, and that your domain didn't get hijacked.
link
BillinghamJ
2827 days ago
That wouldn’t work, as there’s no differentiator between EV and non-EV
link