
I was excited for this until I read that user-installed root CAs are allowed to override the pinning. I suppose it's still a good development though.



I was thinking the exact opposite. Many organizations (especially the govt) rely on SSL proxies like BlueCoat that effectively hijack SSL traffic with on-the-fly generated SSL certs from a trusted organizational CA, in order to inspect/filter outbound data. 'Pinning' would totally destroy this capability if organizational CAs couldn't override it.


Truly. Malware will just install user defined root CAs and you will be exploited that way.


Or it could just fiddle with the browser directly. Why is trusting explicitly user-supplied CAs such a bad thing?


He has the threat model backwards. If your adversary already can modify files on your computer, you have other things to worry about than SSL being compromised through the network.

The malware could just as well intercept your data before it is encrypted, for example, by installing a rogue SSL library. No need for sniffing and fake certs.


Securing the data in transit and securing it on a device are two different concerns and it seems silly to expect a network protocol to be able to secure against scenarios where malware is at play.

If you're infected with malware, just patch Chrome in memory to report everything as SSL connected, etc. If you're already compromised, nothing Google can do can help you.
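The policy the thread argues about, as an added example that is not from the article or any commenter: a pin check that, like the browser behaviour described above, skips enforcement when the served chain anchors at a locally installed root, with an assumed `enforce_against_local_roots` switch showing the stricter alternative. All certificate material here is constructed stand-in data; a real client would hash the SubjectPublicKeyInfo of the parsed X.509 certificates.

```python
import base64
import hashlib
from typing import Dict, List, Set

# Constructed stand-in for a certificate: only the field the pin check needs.
# "spki" would be the DER-encoded SubjectPublicKeyInfo of a real certificate.
Cert = Dict[str, bytes]


def spki_pin(cert: Cert) -> str:
    """Pin value: base64(SHA-256(SubjectPublicKeyInfo)), the usual pin format."""
    return base64.b64encode(hashlib.sha256(cert["spki"]).digest()).decode()


def check_pins(chain: List[Cert], pins: Set[str], local_roots: Set[str],
               enforce_against_local_roots: bool = False) -> str:
    """Evaluate a served chain (leaf first, root last) against a pin set.

    Returns:
      'BYPASS_LOCAL_ANCHOR' - chain ends in a user/org-installed root and the
                              client does not enforce pins for such chains
                              (the override the thread discusses);
      'PIN_OK'              - some SPKI in the chain matches a configured pin;
      'PIN_FAIL'            - no pin matched, so the connection is rejected.
    """
    anchored_locally = spki_pin(chain[-1]) in local_roots
    if anchored_locally and not enforce_against_local_roots:
        return "BYPASS_LOCAL_ANCHOR"
    if any(spki_pin(c) in pins for c in chain):
        return "PIN_OK"
    return "PIN_FAIL"


# Constructed sample data (hypothetical keys, not real certificates).
LEAF = {"spki": b"constructed-leaf-key"}
INTERMEDIATE = {"spki": b"constructed-intermediate-key"}
PUBLIC_ROOT = {"spki": b"constructed-public-root-key"}
OTHER_PUBLIC_ROOT = {"spki": b"constructed-other-public-root-key"}
ORG_PROXY_ROOT = {"spki": b"constructed-org-proxy-root-key"}
FORGED_LEAF = {"spki": b"constructed-forged-leaf-key"}

# The site pins its intermediate CA; the org has installed its proxy root locally.
PINS = {spki_pin(INTERMEDIATE)}
LOCAL_ROOTS = {spki_pin(ORG_PROXY_ROOT)}

PUBLIC_CHAIN = [LEAF, INTERMEDIATE, PUBLIC_ROOT]          # genuine site chain
PROXY_CHAIN = [FORGED_LEAF, ORG_PROXY_ROOT]               # SSL-inspection proxy
ROGUE_CHAIN = [FORGED_LEAF, OTHER_PUBLIC_ROOT]            # mis-issued public cert
```

With the default policy the proxy chain is accepted without consulting the pins, while a mis-issued certificate from an unpinned public CA still fails; flipping `enforce_against_local_roots` makes the proxy chain fail as well.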



