You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Oct 6, 2021. It is now read-only.
Although HPKP can be a self-DoS foot-gun if you have to revoke a key (since your users will reject any unpinned keys), we should allow people to specify HPKP headers in the cabin configuration.
Draft Requirements:
Require at least two sha256 fingerprints. One for the current certificate, and at least one backup public key.
Clearly document the use-case of this feature and how to generate the sha256 fingerprints.
The text was updated successfully, but these errors were encountered:
Although HPKP can be a self-DoS foot-gun if you have to revoke a key (since your users will reject any unpinned keys), we should allow people to specify HPKP headers in the cabin configuration.
Draft Requirements:
The text was updated successfully, but these errors were encountered: