Hacker News new | past | comments | ask | show | jobs | submit login

Although pinned certificates have gone out of favor on the web, they are still very frequently used by iOS and Android apps. Last time I checked, the Facebook Messenger app refused to work when being MitM'ed.

I hope they pin on the key, not the certificate. For a mobile app I worked on, I had it pin the public key on the leaf certificate and indeed it would fail to connect in this scenario.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact