This repository has been archived by the owner on Jul 11, 2023. It is now read-only.
Certificate Pinning #439
Comments
|
closing since latest docs don't mention anything about certificate pinning |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Genuine question on this one - but is pinning not considered an obsolete / bad practice today? I'm by no means a security expert but it was my impression that this causes more issues than it solves, and has since been essentially abandoned. Just noticed this when reviewing your security documentation (as a form of basic checklist if anything)...
I may be wrong!
Some references I've reviewed:
https://www.digicert.com/blog/certificate-pinning-what-is-certificate-pinning
https://cheapsslsecurity.com/p/what-is-http-public-key-pinning-and-why-its-not-good/
https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning
Maybe I'm getting confused with two different approaches.
Thanks
The text was updated successfully, but these errors were encountered: