Another step towards crowdfunding

Daniel Kahn Gillmor dkg at
Wed Dec 18 03:26:00 CET 2013

On 12/17/2013 08:45 PM, Micah Lee wrote:
> As far as I know these preload lists only force HTTPS for these domains.
> I wonder if anyone could convince the browser vendors to also do
> certificate pinning, bypassing PKI based on CAs altogether?

I believe the answer for public-key-pinning is the same as for HSTS.

That is, if you've already implemented the possible footgun that is
public-key-pinning on your web site via the standard HTTP headers, and
you have demonstrated that it works for you, you can send patches to agl

(ironically, src.chromium.orgdoesn't appear to signal support for safe
TLS negotiation via RFC 5746, sigh)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20131217/6815227c/attachment.sig>

More information about the Gnupg-users mailing list