Hacker News
user5994461
2215 days ago
Trusting a specific hash would blow up when the service rotates its self-signed certificate, defeating the point of ignoring certificate errors.
2 comments
josephcsible
2215 days ago
If you're rotating a self-signed certificate, then how do you suppose that clients securely trust it? Or if you just mean replacing it when it expires, then this could instead be tied to the underlying public key alone, which can be reused.
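An added example, not from this thread, showing the key-based pinning josephcsible describes: two self-signed certificates issued from one key (a renewal) have different certificate hashes but the same SubjectPublicKeyInfo hash, and a callback shaped like Go's tls.Config.VerifyPeerCertificate that pins the SPKI hash accepts the renewed certificate while still rejecting a different key. It uses only the Go standard library; selfSigned, certFingerprint, spkiPin and verifyPinned are the example's own names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// selfSigned issues a self-signed cert; called twice with one key it models a renewal.
func selfSigned(key ed25519.PrivateKey, serial int64, from time.Time) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), NotBefore: from,
		NotAfter: from.Add(90 * 24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// certFingerprint hashes the whole DER certificate (changes on every reissue);
// spkiPin hashes only the SubjectPublicKeyInfo (stable while the key is reused).
func certFingerprint(c *x509.Certificate) [32]byte { return sha256.Sum256(c.Raw) }
func spkiPin(c *x509.Certificate) [32]byte        { return sha256.Sum256(c.RawSubjectPublicKeyInfo) }

// verifyPinned has the shape of tls.Config.VerifyPeerCertificate; with InsecureSkipVerify set it is all that rejects a foreign key.
func verifyPinned(pin [32]byte) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return fmt.Errorf("no peer certificate presented")
		}
		leaf, err := x509.ParseCertificate(rawCerts[0])
		if err == nil && spkiPin(leaf) != pin {
			err = fmt.Errorf("SPKI pin mismatch: unexpected public key")
		}
		return err
	}
}

func main() {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	old, _ := selfSigned(key, 1, time.Now())
	renewed, _ := selfSigned(key, 2, time.Now().Add(60*24*time.Hour))
	fmt.Println("cert fingerprints equal:", certFingerprint(old) == certFingerprint(renewed)) // false
	fmt.Println("SPKI pins equal:", spkiPin(old) == spkiPin(renewed))                         // true
	fmt.Println("renewed cert passes pin:", verifyPinned(spkiPin(old))([][]byte{renewed.Raw}, nil) == nil)
}
```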
pornel
2215 days ago
If your clients support "rotating" self-signed certs just like that, it's a huge MITM vulnerability and makes HTTPS as secure as a TSA checkpoint.