[px43]

Can you explain to me how you think certificate pinning would work in JavaScript? That doesn't make any sense.

Client-side crypto (even in JavaScript) has its place, but certificate pinning is specifically a TLS thing, and IMO not relevant to this discussion.

[bawolff]

You have funcs to make public/private key pairs. Funcs to sign things. You can make your own PKI in the usual manner. You could then pin on specific keys in your chain of signatures if you want.

Why you would, i dont know. Its a terrible idea like most use cases for js client side crypto, but you could if you wanted to. Then again, cert pinning is a mostly terrible idea in the context of TLS too.