Closed
Bug 1120446
Opened 10 years ago
Closed 7 years ago
Stale pins might live too long with local clock in the future
Categories: Core :: Security: PSM (defect)
Status: RESOLVED WONTFIX
People: Reporter: ttaubert, Unassigned
Whiteboard: [psm-backlog]
When a user's machine has a wrongly set date that is, let's say, a year in the future, then even a pin with max-age=86400*30 (a month) might last "1 year and a month" in case the user's machine succeeds in correcting the date in this first month manually or via NTP or the like.
I don't think this is a common problem, but blocking a user from accessing a host by keeping a stale pin around for longer than desired is tough to debug.
An easy fix might be to record the SiteHPKPState creation time and save that to disk as well. When loading pins we could simply discard the ones created in the future.
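The load-time check proposed above, sketched as an added example that is not part of the original report and is not Firefox code. `PinEntry`, `recordPin`, `loadPins`, the host names and the timestamps are hypothetical and constructed for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

constexpr int64_t kDay = 86400;

// Hypothetical model of a stored pin; not Firefox's SiteHPKPState.
struct PinEntry {
    std::string host;
    int64_t createdSec;  // local clock when the pin was recorded (the proposed extra field)
    int64_t expiresSec;  // createdSec + max-age
};

// Record a pin using whatever the local clock reports at that moment.
PinEntry recordPin(const std::string& host, int64_t clockSec, int64_t maxAgeSec) {
    return PinEntry{host, clockSec, clockSec + maxAgeSec};
}

// Seconds the pin is still enforced when only the expiry time is checked.
int64_t remainingLifetime(const PinEntry& p, int64_t nowSec) {
    return p.expiresSec > nowSec ? p.expiresSec - nowSec : 0;
}

// Proposed load-time filter: drop expired pins and pins created in the future.
std::vector<PinEntry> loadPins(const std::vector<PinEntry>& stored, int64_t nowSec) {
    std::vector<PinEntry> kept;
    for (const PinEntry& p : stored) {
        if (p.expiresSec <= nowSec) continue;  // expired normally
        if (p.createdSec > nowSec) continue;   // recorded while the clock ran ahead
        kept.push_back(p);
    }
    return kept;
}

int main() {
    const int64_t realNow = 1700000000;  // constructed "true" time
    // Constructed sample: one pin recorded with the clock a year ahead, one with a correct clock.
    std::vector<PinEntry> stored = {
        recordPin("skewed.example", realNow + 365 * kDay, 30 * kDay),
        recordPin("normal.example", realNow, 30 * kDay),
    };
    const int64_t afterFix = realNow + 10 * kDay;  // clock corrected ten days later
    std::cout << "stale pin would remain for "
              << remainingLifetime(stored[0], afterFix) / kDay << " days\n";
    for (const PinEntry& p : loadPins(stored, afterFix))
        std::cout << "kept: " << p.host << "\n";
    return 0;
}
```

The filter only helps once the clock has been corrected; while the clock still runs ahead, a pin recorded under it looks like any other.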
Comment 1 (Reporter) • 10 years ago
FTR, the Chromium bug:
https://code.google.com/p/chromium/issues/detail?id=445760
Whiteboard: [psm-backlog]
(In reply to Tim Taubert [:ttaubert] from comment #1)
> https://code.google.com/p/chromium/issues/detail?id=445760
This was wontfixed with the reasoning that if the system clock is too far in the future, many things will go wrong. I agree.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX