Cert pinning

Hal Murray hmurray at megapathdsl.net
Thu Mar 28 23:26:55 UTC 2019


Gary said:
>> There is a downside. Every time it changes, you have to take
>> a leap of faith when you re-pin it, rather than getting normal
>> CA validation.
> You miss the point, this is in addition to normal CA validation, not an
> alternative to it.  Just like HPKP.

I'm missing something important.  Why would I need additional validation?  
Isn't normal certificate validation good enough?

-- 
These are my opinions.  I hate spam.




