I have a confession to make: I fear that HTTP Public Key Pinning (HPKP, RFC 7469)—a standard that was intended to bring public key pinning to the masses—might be dead. As a proponent of a fully encrypted and secure Internet I have every desire for HPKP to succeed, but I worry that it’s too difficult and too dangerous to use, and that it won’t go anywhere unless we fix it. What is public key pinnin
![Is HTTP Public Key Pinning Dead? | Qualys Security Blog](https://cdn-ak-scissors.b.st-hatena.com/image/square/8b772132067e016aae7336d9dd7d33df3f89f731/height=288;version=1;width=512/https%3A%2F%2Fik.imagekit.io%2Fqualys%2Fwp-content%2Fuploads%2F2024%2F05%2Fqblog-thumbnail.png)