Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

And cert pinning in the browsers blows this out of the water, which is why I'm of two minds about it as a security feature. It seems that a lot of security these days is really about removing people's control over their own devices.


Certificate Key Pinning is in the process of being removed from browsers. https://developers.google.com/web/updates/2018/04/chrome-67-...


You can import an own root cert which will be honored. I work in a company where all internal servers have a certificate a non-public root has signed. Works both on Chrome and FF.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: