[spam][crazy] Adding Cert Pinning to E-X

grarpamp grarpamp at gmail.com
Mon Feb 21 00:13:29 PST 2022


> I had thought cert pinning was a normal further step after use of CA
> certs.

No, they are independent, because the CA's cannot be trusted.
CA's are 3rd parties in it to make money, seamless browsing
as a coproduct, not to provide e2e or endpoint security or insurance.
And many CA's in global cert stores are pointless and risk of state
coercion or rogue. Pinning is between you and owner of the server,
period, as it should be. Non-pinned CA model is still a big MITM risk.
Full DER cert pinning is fine if people believe CA's and the
CA scheme, but the underlying pinning of the pubkey
is what is actually securing the connection and is all that
is really needed. Server owners really should be publishing signed
hashes of their server certs in public on different infrastructure
blockchains keybase twitter linktree etc, but they don't, so you
have to ask them for hashes, which if done properly is better
than believing some random CA's in a MITM environment.

> How long's google been rotating their certs?

Years, but they probably still do not publish cert history
so backverification is broken..


More information about the cypherpunks mailing list