The trouble is that the downsides of pinning are externalized onto the whole WebPKI.
I agree that pinning in a mobile application is a reasonable pattern. It is one that requires planning and management in that you can DoS yourself. I don’t see this as externalized risk. I do question if a government agency is competent enough to deploy it safely.
2 replies 0 retweets 0 likes
App store updates can't be rolled out immediately, and not everyone updates right away, so there's always risk of some breakage. Here's an example where the cost of an app developer's poor planning and management was externalized: https://cabforum.org/pipermail/public/2016-November/008989.html
1 reply 0 retweets 1 like
Yes, this is what I said, but I don't get the externalized argument. If I pin and down my site, it is my site, and my business is harmed, not yours.
2 replies 0 retweets 0 likes
Symantec misissued a cert with a sequential serial number to avoid breaking a mobile app which had botched their pinning. That's absolutely an externalized cost.
1 reply 0 retweets 0 likes
The misissuance was the externalization, not the pinning.
1 reply 0 retweets 0 likes
It's not just the misissuance, but also difficulty distrusting a CA, because a site can't swap out their cert until they update their mobile app and a sufficient number of users upgrade.
2 replies 0 retweets 0 likes
I wish that CAs and UAs were willing to let the people who misuse the WebPKI (e.g. through poorly planned pinning) burn; then there would be no externalization. But that's not the case, so I think pinning even in mobile apps ought to be discouraged.
1 reply 0 retweets 1 like
Wow, they got Symantec to reissue a cert over a holiday? Now I feel like chopped liver
1 reply 0 retweets 1 like
I'm sure it cost them a pretty penny. "Nuisance fee" is how I heard it described once ;-)
It was not available for any price when I needed it, not that I’m still bitter or anything ;-)
0 replies 0 retweets 4 likes
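The thread's practical point is that pinning only stays a private risk if it is planned so that a key change never has to wait for an app update to propagate. The usual way to get there is to pin public keys (SPKI hashes, as in RFC 7469) rather than certificates or serial numbers, and to refuse to ship a pin set that does not include a backup key held offline. The following is an added example, not code from anyone in the thread: it computes SPKI pins with a minimal DER walker (standard library only), enforces the backup-pin rule before "deployment", and shows the connect-time check surviving a rotation to the backup key. The certificates it builds are constructed, unsigned toy structures with placeholder key bytes, used only so the example runs offline; the parser itself works on real DER certificates.

```python
"""Added example: SPKI pinning with a mandatory backup pin (not from the thread).

Pins are RFC 7469 style: base64(SHA-256(DER subjectPublicKeyInfo)).
The DER walker is deliberately minimal (definite-length TLVs only), which is
enough to locate the SPKI inside a real X.509 certificate.
"""
import base64
import hashlib


def _read_tlv(buf: bytes, pos: int):
    """Parse one DER TLV at buf[pos]; return (tag, value_bytes, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(seq_value: bytes):
    """Yield (tag, value, raw_tlv) for each element inside a SEQUENCE value."""
    pos = 0
    while pos < len(seq_value):
        tag, value, nxt = _read_tlv(seq_value, pos)
        yield tag, value, seq_value[pos:nxt]
        pos = nxt


def extract_spki(cert_der: bytes) -> bytes:
    """Return the raw DER subjectPublicKeyInfo TLV of an X.509 certificate.

    Certificate    ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
    TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature,
                                  issuer, validity, subject, subjectPublicKeyInfo, ... }
    """
    tag, cert_value, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("certificate must be a SEQUENCE")
    tbs_tag, tbs_value, _ = _read_tlv(cert_value, 0)
    if tbs_tag != 0x30:
        raise ValueError("tbsCertificate must be a SEQUENCE")
    fields = list(_children(tbs_value))
    if fields[0][0] == 0xA0:                # explicit [0] version is present
        fields = fields[1:]
    # serial, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5][2]


def spki_pin(cert_der: bytes) -> str:
    """RFC 7469 pin-sha256 value for the certificate's public key."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()


def pin_set_is_deployable(pins: set, live_chain_der: list) -> bool:
    """Release gate: the pin set must match the chain being served today AND
    contain at least one backup pin for a key that is NOT in that chain.
    Without a backup, losing or rotating the key strands every installed app
    until an update reaches each user."""
    live = {spki_pin(c) for c in live_chain_der}
    return bool(pins & live) and bool(pins - live)


def chain_matches_pins(pins: set, chain_der: list) -> bool:
    """Connect-time check: any certificate in the (already validated) chain
    carrying a pinned key is sufficient."""
    return any(spki_pin(c) in pins for c in chain_der)


# ---- constructed test fixtures (toy, unsigned certificates) -----------------

def _der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV (lengths below 65536 are enough here)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = bytes([0x81, n])
    else:
        length = bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + body


def make_toy_cert(spki_der: bytes) -> bytes:
    """Structurally valid but unsigned certificate around an SPKI (constructed)."""
    tbs = _der(0x30, b"".join([
        _der(0xA0, _der(0x02, b"\x02")),          # [0] version v3
        _der(0x02, b"\x01"),                       # serialNumber (placeholder)
        _der(0x30, b""),                           # signature AlgorithmIdentifier
        _der(0x30, b""),                           # issuer Name
        _der(0x30, b""),                           # validity
        _der(0x30, b""),                           # subject Name
        spki_der,                                  # subjectPublicKeyInfo
    ]))
    return _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))


# Placeholder key bytes, not real keys: only the hashing pipeline matters here.
_ALG = _der(0x30, b"\x06\x03\x2a\x03\x04")
SPKI_CURRENT = _der(0x30, _ALG + _der(0x03, b"\x00" + b"\x11" * 32))
SPKI_BACKUP = _der(0x30, _ALG + _der(0x03, b"\x00" + b"\x22" * 32))
CERT_CURRENT = make_toy_cert(SPKI_CURRENT)
CERT_BACKUP = make_toy_cert(SPKI_BACKUP)

PINS_GOOD = {spki_pin(CERT_CURRENT), spki_pin(CERT_BACKUP)}   # live key + offline backup
PINS_BAD = {spki_pin(CERT_CURRENT)}                            # live key only

if __name__ == "__main__":
    print("current pin:", spki_pin(CERT_CURRENT))
    print("deployable with backup:", pin_set_is_deployable(PINS_GOOD, [CERT_CURRENT]))
    print("deployable without backup:", pin_set_is_deployable(PINS_BAD, [CERT_CURRENT]))
    print("good pins still match after rotation:", chain_matches_pins(PINS_GOOD, [CERT_BACKUP]))
    print("bad pins after rotation:", chain_matches_pins(PINS_BAD, [CERT_BACKUP]))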