Avoiding downtime: modern alternatives to outdated certificate pinning practices

What's this blog post about?

Certificate pinning, once considered a gold standard for security, has become outdated in today's evolving technological landscape. The practice involves associating a hostname with a specific TLS certificate to prevent man-in-the-middle attacks. However, frequent changes in the PKI ecosystem have led to an increase in outages caused by certificate pinning. Modern standards and practices such as shorter certificate lifetimes, regular rotation of intermediate certificates, and increased use of Certificate Transparency are making certificate pinning obsolete. These advancements offer automated, scalable, and robust security measures without the management overhead or risk associated with certificate pinning.

Company
Cloudflare

Date published
July 29, 2024

Author(s)
Dina Kozlov

Word count
2953

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.