Hacker News new | comments | show | ask | jobs | submit login

Correct. Even though Chrome calls its feature "certificate pinning", it is actually pinning public keys. Trevor pointed me at their code below:


The criticism of Chrome's pinning is still valid though. The pinned key is allowed to show up anywhere in the cert chain, not just at the leaf certificate. Also, they have to pin several CAs, as well as multiple keys per CA to deal with sub-CAs.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact