Neither HPKP nor HSTS deal with the issue of a-man-in-the-middle doing a downgrade attack against clients who are visiting a site for the very first time (which can be encouraged through phishing). There are only three ways to deal with this that I can think of:<p>1) Deprecate insecure HTTP. Literally get all the browsers to agree on a deadline X years out and then drop support for it entirely. HSTS would become irrelevant. I hold little hope of this ever happening, even in a HTTP/2 world. See IPv6<p>2) Keep increasing the size of the trusted, preloaded list of HTTPS enabled sites shipping with browsers: Neither the implementation nor the process to manage the list scales. It's just crappy all-round.<p>3) Standardise some SRV records for web protocols in the DNS so browsers can efficiently determine what is supported: Requires DNSSEC to prevent downgrade attacks.<p>Of these, #3 seems to me to be most practical. With regard to DNSSEC issues I would give these counterpoints:<p>* DNSSEC could and should be augmented to support ECC, obliterating the concerns with regard to large records and weak RSA key lengths.<p>* Browsers (or your OS's dnscache process) can cache DNS responses from most of the chain. If the ZSK hasn't been rolled over for a particular domain then I don't see the need to reverify it again on each request. It's not like revocation really works in HTTPS today anyway, so you probably aren't going to bother to check upstream for NSEC records on each request. Or just recheck upstream once a day. I don't really know, but I'm sure these latency issues can be minimized. Googles obsession with latency is how we ended up with the barf that is HTTP/2 rather than something that actually improves websec in the first place.<p>Another thing I don't often see people mention about HSKP and HSTS, regardless of whether they can be used as "supercookies", is that they create a more-or-less permanent shadow browser history on your machine. This alone is borderline show-stopper afaiac
I agree with his comments on HPKP. I looked in to adding HPKP headers to a couple of my sites, and figured out how to do it, but I'm nervous about enabling it. It seems far too easy to make a mistake and lock people out of being able to visit your site. The trouble is, if you make a mistake, they're not locked out until you get around to fixing it. They're locked out until the expiry date which you set in the HPKP headers, which could be months away.<p>We lack the proper tools to make this safe.