The trouble is that the downsides of pinning are externalized onto the whole WebPKI.
If they're not using the WebPKI then everything is good, and way better than hand-rolling ... whatever that JSON is. I wouldn't call that pinning though; that's just using a private CA.
-
Still pinning to a specific CA; the decision to use publicly trusted PKI is orthogonal.