Apr 6 2016
@BBlack If you want someone to remind you about it, I am happy to volunteer. ;)
Sep 9 2015
Jun 20 2015
Are you considering doing a phase where you do the Public-Key-Pins-Report-Only header first, to see what the likely issues would be?
Jun 2 2015
Another alternative would be to try to finish the work of the original patch author and get it accepted upstream, with all of the stapling stuff sorted out.
Apr 3 2015
The current RFC states that Wikipedia Zero partners often disallow HTTPS. I'm wondering how we can address that.
Mar 14 2015
If it's helpful, we got a pretty good perspective from the authors of the HPKP spec on how to think about pinning, on this GitHub thread:
Jan 15 2015
Have you looked at SSLMate for a CA (reseller)? https://sslmate.com/
This seems like a smart thing to prioritize for the HTTPS-by-default tag, since it has such drastic front-end speed improvements for multiplexing resources. I've never managed an infrastructure like Wikipedia's, but the SPDY module for nginx has shipped for a while and is very easy to turn on.