Yeah, I agree with you. I suppose I worded that strangely. I didn't mean cut certs out of the equation, just use fingerprints as fallback, if possible. I wasn't aware of HPKP. According to mozilla docs, it's lacking some browser support. If it got implemented across the board, this would be great. I suppose it also depends on whether or not the browser screams at the user if the fingerprint fallback is necessary.