item 35867435 (no title)

Rimintil | 2 years ago
And one of the most security and privacy user-friendly features, defeating MiTM attacks from corporations and governments.

rektide | 2 years ago
Immoral & wrong to use possible security threats as excuses to secure devices against their owners. There have to be escape hatches. It has to be the user's device.
Mitm your own traffic is a right. It's my traffic, not yours.

aaomidi | 2 years ago
I would challenge you on this.
Certificate pinning makes declaring an incident where you’ve had your private key stolen effectively impossible.
Which means you’re going to end up sacrificing user security when it inevitably ends up in that situation.

gruez | 2 years ago
> Certificate pinning makes declaring an incident where you’ve had your private key stolen effectively impossible.
Is this an issue? If the certificate you pinned corresponds to a key on a HSM, what are the chances it's going to get stolen?