Given that the actual TLS keys are not pinned,
the site is able to deploy different certificates and keys on different servers, without having the
clients to renew its pins. Also since pins are not based on CA keys, there is no need to trust in
CAs. TACK also defines a mechanism to activate pins. As part of the TLS handshake,