On 2015-12-09, Giancarlo Razzolini <grazzol...@gmail.com> wrote: > Also, now that we have two free TLS certs providers, one can use HPKP > and completely disregard the CA's, which is a security benefit.
Also wosign (and, sort-of, cloudflare). btw, HPKP doesn't work too well with letsencrypt as-is (which wants to generate a new key each time). It can be hacked around but is a bit of a pain.. (I wasn't aware that it lets you disregard the CAs though?)
