Avoiding downtime: modern alternatives to outdated certificate pinning practices
Certificate pinning, once considered a gold standard for security, has become outdated in today's evolving technological landscape. The practice involves associating a hostname with a specific TLS certificate to prevent man-in-the-middle attacks. However, frequent changes in the PKI ecosystem have led to an increase in outages caused by certificate pinning. Modern standards and practices such as shorter certificate lifetimes, regular rotation of intermediate certificates, and increased use of certificate transparency are making the need for certificate pinning obsolete. These advancements offer automated, scalable, and robust security measures without the management overhead or risk associated with certificate pinning.
Company
Cloudflare
Date published
July 29, 2024
Author(s)
Dina Kozlov
Word count
2953
Language
English
Hacker News points
None found.