Hi
The similarity of pinning and DANE has been discussed before. DANE relies on
DNSSEC being deployed, which key-pinning does not. Come to think of it, the
draft needs a section comparing with DANE, but that's for another thread.
draft-perrin-tls-tack seems to tackle the same problem as
On 21/09/11 14:18, Phillip Hallam-Baker wrote:
Promiscuous security:
The site deploys SSL as an option that browsers can choose to use.
Pages may include transcluded content from insecure sites. The cert may
just be a self-signed cert; browsers should just silently upgrade the
transport