Hacker News new | past | comments | ask | show | jobs | submit login

Why isn't there a site-controlled fallback setting for this?

Does this not make sense? Abu given website's beet interest is to continue to be reachable.




Every escape hatch in the certificate validation is also an additional avenue for attack. For example, using a DNS record to override certificate pins makes DNS cache poisoning much more valuable to the attacker.


Every layer of security is also an additional accessibility hurdle.


Got it, thanks @tremon.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: