new | ask | show | jobs
precommunicator 4 days ago  [ - ]

> everyone will be so used to certificates changing all the time, and no certificate pinning anymore

Browser certificate pinning is deprecated since 2018. No current browsers support HPKP.

There are alternatives to pinning, DNS CAA records, monitoring CT logs.

blincoln 2 days ago  [ - ]

Cert pinning is a very common practice for mobile apps. I'm not a fan of it, but it's how things are today. Seems likely that that will have to change with shorter cert lifetimes.