Hacker News new | past | comments | ask | show | jobs | submit login

> that's what's your HTTPS certificate is for.

Not really... That certificate doesn't go back in time. If a domain expires, an attacker could reregister it under their name and get a valid certificate.

You'd be downloading from the right domain name with a valid HTTPS certificate, but you're not downloading from the same place as before.




> That certificate doesn't go back in time.

It does, kind of, if it's pinned.


HKPK doesn't have a ton of adoption and only works in browsers. So this does nothing for curl, wget, pip




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: