Hacker Read top | best | new | newcomments | leaders | about | bookmarklet login

Certificate pinning is one of the most user-hostile security inventions we've created. It makes it so hard to get access to the traffic coming out of your own device, which heavens, seems like such an elementary ask.

reply



view as:

And one of the most security and privacy user-friendly features, defeating MiTM attacks from corporations and governments.

reply


Immoral & wrong to use possible security threats as excuses to secure devices against their owners. There have to be escape hatches. It has to be the user's device.

Mitm your own traffic is a right. It's my traffic, not yours.

reply


I would challenge you on this.

Certificate pinning makes declaring an incident where you’ve had your private key stolen effectively impossible.

Which means you’re going to end up sacrificing user security when it inevitably ends up in that situation.

reply


>Certificate pinning makes declaring an incident where you’ve had your private key stolen effectively impossible.

Is this an issue? If the certificate you pinned corresponds to a key on a HSM, what are the chances it's going to get stolen?

reply


The chance of a corporation mismanaging & accidentally letting their key get leaked is not a technical problem, like you pose. The HSM is fine. No one's going to crack your encryption.

But omgosh the Conways law implications of securing your nuclear waste, oops, i mean your hsm, are incredibly complex & long lived challenges. The odds of any given company accidentally messing up some month or another are quite high. If you have certificate pinning, you literally cannot escape your own mistakes. The ability to respond to mistakes should probably be taken as a necessary for most security footings of most organizations, and the whole point of certificate pinning is that response is impossible, that a cert is pinned in.

reply


Tell it to Intel and their secureboot keys.

reply


Legal | privacy