Questions regarding HTTP Public-Key-Pinning (HPKP)

1. Question:
Does HTTP Public-Key-Pinning (HPKP) really improve security?
A MITM (e.g. NSA) could intercept the first request to a server and respond with a "faked" certificate, signed by a compromised CA.
So HPKP only improves security if the initial connection to a server has not been tampered with, and if you are 100% sure that you initially connected to the correct server.
Correct?

2. Question:
The Public-Key-Pins header needs to include at least two hashes of two distinct certificates, one serving as a "backup" certificate.
Does that mean that I have to buy two different certificates from two different CAs?
That would be rather expensive. Shouldn't a CA offer you to sign two certificates for the same domain if you buy one?
Security shouldn't come at a price, everyone should be able to build a secure service.

asked by Florian Schneider, Nov 01 '22 08:11


1 Answer

1. yes

2. HPKP is not related to the certificate itself. Like the name tells you, it is about the public key.

To get a certificate you will create a certificate request using your private key. Your public key is stored within the certificate you get from the CA. That public key is then compared with the one the browser got by a previous request in the pinning header.

With your response you will deliver the public key of that private key and another public key of a private backup key.

answered by t.niese, Nov 27 '22 09:11
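As an added example (not code from the question or the answer), here is how the pin the answer describes is actually derived: HPKP's pin-sha256 is base64(SHA-256(DER-encoded SubjectPublicKeyInfo)), so only the key is hashed, a certificate re-issued for the same key (by the same or another CA) keeps its pin, and the backup key can be pinned while it is still offline with no certificate at all. The key names, the self-signed stand-in certificates and the max-age value are constructed for this demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// spkiPin is the HPKP pin-sha256 value: base64(SHA-256(DER SubjectPublicKeyInfo)).
// Only the key is hashed, so a certificate re-issued for the same key keeps its pin.
func spkiPin(pub interface{}) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(der)
	return base64.StdEncoding.EncodeToString(sum[:]), nil
}

func newKey() *ecdsa.PrivateKey {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // throwaway demo key; error ignored for brevity
	return k
}

// selfSignedCert stands in for a CA-issued certificate (constructed test data).
func selfSignedCert(key *ecdsa.PrivateKey, serial int64) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	live, backup := newKey(), newKey() // backup stays offline and needs no certificate to be pinned
	cert, _ := selfSignedCert(live, 1)
	renewed, _ := selfSignedCert(live, 2) // re-issued certificate, same key: identical pin
	livePin, _ := spkiPin(cert.PublicKey)
	renewedPin, _ := spkiPin(renewed.PublicKey)
	backupPin, _ := spkiPin(&backup.PublicKey)
	fmt.Println("pin survives renewal:", livePin == renewedPin)
	fmt.Printf("Public-Key-Pins: pin-sha256=%q; pin-sha256=%q; max-age=5184000\n", livePin, backupPin)
}
```

The same value can be cross-checked from an existing certificate with openssl (`openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64`).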