Please don’t use certificate pinning
Symantec misissued a cert with a sequential serial number to avoid breaking a mobile app which had botched their pinning. That's absolutely an externalized cost.
The misissuance was the externalization, not the pinning.
It's not just the misissuance, but also difficulty distrusting a CA, because a site can't swap out their cert until they update their mobile app and a sufficient number of users upgrade.