> Brian searches for "front for the ..." at noon Thu. and gets
> a href for JPF with PIN1 valid until Saturday.
>
> JPF rekeys late Thursday. Let's say it was an emergency.
>
> Brian visits JPF Friday morning and PIN1 no longer matches
> the JPF TLS server cert.
>
> What happens then?
>

If Brian kept the search results page open and re-clicked it on Saturday,
it would look like a broken link. In practice, search engines are very
conservative about serving broken links, so they wouldn't have served the
s-link with a validity until Saturday unless they saw JPF.org setting HPKP
pins with validity through Saturday (in which case JPF couldn't re-key
without bricking users, independently of s-links).

Even if the search engines were serving "inferred pins", though, which
weren't based on HPKP or some other commitment, Brian could access the site
after Thursday if he typed in the URL, refreshed his existing page, or
looked in his history, since none of these would be affected by the s-link
seen on Thursday.

Joe
_______________________________________________
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey
