Proper noun
HPKP
(Internet) Initialism of HTTP Public Key Pinning.
In my first post I declared HPKP dead I explored the possibility of fixing it by introducing pin revocation. Source: Internet
The advantage of using OCSP stapling to revoke HPKP pins is that pin revocation information can be reliably delivered to end users. Source: Internet
To further insult all users, including those aware of HPKP, Mozilla intentionally went out of its way to disallow removing pins inside the browser. Source: Internet
Chrome will never block requests based on the pins in a Report-Only header, so this is a safe way to try out HPKP and see if it causes problems for your users without running the risk of DoSing your site. Source: Internet
For now, you can read my previous blog posts on HPKP, all linked here. Source: Internet
The fundamental problem with HPKP is that it is Trust On First Use – and even worse, no user interaction, so it is Blind Trust On First Use. Source: Internet