
HTTPS sites are encrypted with a public/private key pair, which is vouched for in a certificate that is signed by a trusted CA. However, somebody could generate a certificate for your domain and have it signed by a fraudulent or compromised CA. HPKP provides protection against this. But which keys should be "pinned", and why? I've found information about this online to be lacking, so I did some research, and here are the results.