
It seems like "one guy pinning certificates to Chrome" might be an interesting attack vector. How does he verify you actually work for the high-profile site in question?



Same way they do other verifications I suppose; by proving you have write access to the server in question. If someone malicious can manage that, there are bigger problems than SSL.


Presumably it still checks the certificate is valid, otherwise the worst case would just be that the legitimate site would not work.



