Hacker News new | comments | show | ask | jobs | submit login

In this case, if understand the concept correctly, it would be iTunes that pins the certificate authority for the iTunes server.

One would still be vulnerable of a corrupt CA. The only solution to this would be to issue all certificates from an internal CA and verify this in your application.

Or you could just harcode the certificate fingerprint and refuse to accept anything else. It's trivial when you own the client.

I'm not sure if this would break when you needed to renew the certificate, but I guess you only update the signature, not the actual public key.

But if China is already MITM, they can modify or replace the binary while you are downloading it.

Yep. In that case, you don't own the client.

When you ship your own browser and OS you can prob get away with that.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact