Avoiding downtime: modern alternatives to outdated certificate pinning practices
Certificate pinning, once considered a gold standard for security, has become outdated in today's evolving technological landscape. The practice involves associating a hostname with a specific TLS certificate to prevent man-in-the-middle attacks. However, frequent changes in the PKI ecosystem have led to an increase in outages caused by certificate pinning. Modern standards and practices such as shorter certificate lifetimes, regular rotation of intermediate certificates, and increased use of Certificate Transparency are removing the need for certificate pinning. These advancements offer automated, scalable, and robust security measures without the management overhead or risk associated with certificate pinning.
Company: Cloudflare
Date published: July 29, 2024
Author(s): Dina Kozlov
Word count: 2953
Hacker News points: None found.
Language: English