- From: Ilya Grigorik <notifications@github.com>
- Date: Tue, 11 Aug 2015 09:57:30 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Tuesday, 11 August 2015 16:58:43 UTC
@annevk seems like it would be trivially abused to block access to origins (e.g. some third party decides to block access to competitor.com by specifying false list of pins).. and in the process it would trigger false cert validation failures which is a terrible outcome both for users and owners of that origin; if origin changes their cert they block themselves because other origins are using old pins in their configs. That said... maybe I'm barking up the wrong tree. I'll defer to @sleevi and @mikewest. --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/98#issuecomment-129967558
Received on Tuesday, 11 August 2015 16:58:43 UTC