Y
Hacker News
new
|
ask
|
show
|
jobs
by
dzhiurgis
2697 days ago
So what DOES pinning protect against? Certs generated by state actors with access to CA’s?
2 comments
frankchn
2697 days ago
That, and (more commonly) CAs mis-issuing certificates to malicious actors due to bugs or weak internal controls.
link
jevinskie
2697 days ago
You can enforce certificate pinning in your own native app. You can even go as far as not trusting the hookable (on a JBen device) system libraries and link in your own OpenSSL or something similar.
link