Hacker News

Removing dynamic pins was inevitable given the associated risk for all sites. Some ideas to fix those exist[1], but I'm not sure it's worth the effort in a fully CT-enforced web. That's probably time better spent somewhere else (such as improving CT itself and the gossip mechanism.)

I'm not convinced that static pins need to go too. There are something like 10 sites on that list currently, and all of them are valuable targets and should have the resources to ensure their pins don't fail. Even increasing that number to something like 100 should be manageable for browser vendors and would cover a large percentage of all page views (rather than just guarantee discovery after the fact).

[1]: https://blog.qualys.com/ssllabs/2017/09/05/fixing-hpkp-with-...
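The comment above weighs the risk of dynamic (header-set) HPKP pins against a small static pin list. The following added example, which is not part of the original thread or of any browser's code, shows the mechanics that make dynamic pins risky: how a `Public-Key-Pins` header is parsed and validated per RFC 7469 (at least two pins, a `max-age`, one pin matching the served chain and one backup pin that does not), and how a noted pin set blocks connections after a key rotation that forgot the backup key. The SPKI byte strings, header values and the hypothetical helper names (`spki_pin`, `parse_pkp_header`, `should_note_pins`, `connection_allowed`) are all constructed for this example; real pins are computed over the DER-encoded SubjectPublicKeyInfo of a certificate.

```python
import base64
import hashlib

# Constructed placeholder SPKI blobs. In practice these are the DER-encoded
# SubjectPublicKeyInfo structures taken from each certificate in the chain.
LEAF_SPKI = b"constructed-leaf-spki"
INTERMEDIATE_SPKI = b"constructed-intermediate-spki"
BACKUP_SPKI = b"constructed-backup-key-spki"       # offline backup key
ROTATED_SPKI = b"constructed-rotated-spki"         # a new key nobody pinned


def spki_pin(spki_der: bytes) -> str:
    """pin-sha256 value as defined by RFC 7469: base64(SHA-256(SPKI))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def parse_pkp_header(header: str) -> dict:
    """Parse a Public-Key-Pins header into its pins and directives."""
    pins, max_age, include_subdomains = [], None, False
    for directive in header.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        # partition on the first '=' only, so base64 padding in the pin survives
        name, _, value = directive.partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "pin-sha256":
            pins.append(value)
        elif name == "max-age":
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
    return {"pins": pins, "max_age": max_age, "include_subdomains": include_subdomains}


def should_note_pins(header: str, chain_spkis) -> bool:
    """Would a conforming UA record these pins? (RFC 7469 sections 2.5 and 2.6)

    Requires a max-age, at least two pins, one pin that matches the served
    chain, and at least one backup pin that does not appear in the chain.
    """
    parsed = parse_pkp_header(header)
    if parsed["max_age"] is None or len(parsed["pins"]) < 2:
        return False
    chain_pins = {spki_pin(s) for s in chain_spkis}
    pins = set(parsed["pins"])
    return bool(pins & chain_pins) and bool(pins - chain_pins)


def connection_allowed(noted_pins, chain_spkis) -> bool:
    """Pin validation: at least one SPKI in the chain must match a noted pin."""
    noted = set(noted_pins)
    return any(spki_pin(s) in noted for s in chain_spkis)


# Constructed headers: a well-formed one, one missing the backup pin, and one
# with a single pin (both of the latter must be ignored by the UA).
GOOD_HEADER = (
    f'pin-sha256="{spki_pin(LEAF_SPKI)}"; '
    f'pin-sha256="{spki_pin(BACKUP_SPKI)}"; '
    "max-age=5184000; includeSubDomains"
)
NO_BACKUP_HEADER = (
    f'pin-sha256="{spki_pin(LEAF_SPKI)}"; '
    f'pin-sha256="{spki_pin(INTERMEDIATE_SPKI)}"; max-age=5184000'
)
SINGLE_PIN_HEADER = f'pin-sha256="{spki_pin(LEAF_SPKI)}"; max-age=5184000'

NOTED_PINS = parse_pkp_header(GOOD_HEADER)["pins"]


def rotation_outcome(noted_pins, new_chain_spkis) -> str:
    """Describe what a pinned client does after the site rotates its key."""
    if connection_allowed(noted_pins, new_chain_spkis):
        return "connection succeeds"
    return "connection refused until max-age expires"


if __name__ == "__main__":
    chain = [LEAF_SPKI, INTERMEDIATE_SPKI]
    print("note pins (good header):", should_note_pins(GOOD_HEADER, chain))
    print("note pins (no backup):  ", should_note_pins(NO_BACKUP_HEADER, chain))
    print("rotate to backup key:   ", rotation_outcome(NOTED_PINS, [BACKUP_SPKI, INTERMEDIATE_SPKI]))
    print("rotate to unpinned key: ", rotation_outcome(NOTED_PINS, [ROTATED_SPKI, INTERMEDIATE_SPKI]))
```

The last line of the demonstration is the failure mode the comment refers to: once a client has noted a pin set with a two-month `max-age`, any deployment whose chain carries neither pinned key is refused for the whole remaining window, and the site operator has no header-based way to recover. A static pin list shipped with the browser has the same validation step but is reviewed and updated by the vendor, which is why the comment treats its maintenance cost differently.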
