by brirec 876 days ago
I’m not aware of any HTTPS MITM that can function properly without adding its own certificate to the trusted roots on your system (or dismissing a big red warning for every site), so I don’t think certificate pinning is necessary in such an environment (if the concern is MITM by a corporate firewall).

An attacker would still need to either have attacked the domain in question, or be able to forge arbitrary trusted certificates.