I love the concept of certificate pinning, but I don't see how it solves the core problem:
User: Why should I trust this root CA to secure this domain?
Domain Owner: How can I specify which root CA should be trusted to secure this domain?
If neither of these parties is significantly involved in the trust decision, how can it be said that trust has been established at all?
Most pinning implementations seem to either delegate the trust to someone else (browsers, OS, libraries, etc.) or blindly trust the information presented in the first encounter. This is no different than the historical model. There's nothing preventing any application from presenting a warning when a known certificate changes or a new one is encountered, so what does pinning offer other than extra complexity?
Locally cached relationships aren't any more viable than using an /etc/hosts file for the whole Internet (and pose additional privacy concerns). Leveraging DNS is a worthy goal, but if it were secure enough for this purpose, it would eliminate the need for pinning because a domain owner could confidently present its public key via DNS.
I believe in defense in depth, and this work is important, but we seem to be making little progress in solving the fundamental problem of establishing trust. Maybe it's as unsolvable on the Internet as it is in the real world.