store: add basic certificate pinning #2316
mvo5 added some commits Nov 21, 2016
Closing for now as there is more work here
mvo5 closed this Nov 23, 2016
mvo5 commented Nov 21, 2016
Some questions we need to discuss:
a) login.ubuntu.com because it gets passwords
b) search.apps.ubuntu.com because the client trusts the data without additional checks
c) NOT public.apps.ubuntu.com - we check snaps based on assertions
d) NOT assertions.ubuntu.com - we cross check assertions anyway
e) myapps.developer.ubuntu.com - icons?
a) do not use https for snap downloads
b) disable cert pinning for snap downloads
a1) create new valid-certs-assertions
a2) disable cert pinning for assertions.ubuntu.com
a3) refresh valid-certs-assertion regularly
a4) use content of valid-cert-assertion for the cert checks