conference logo

Playlist "MRMCD 2019 - Gesellschaftsspiele"

Certificate Pinning For The Rest Of Us


A talk about the utterly broken chain of trust of SSL/TLS certificates and certificate pinning in the browser as a means to take back control.

Web browser developers have been betrayed by the SSL/TLS chain of trust more than once in the past. As a result they are now pinning their own certificates which means that they only trust a particular issuer. This talk gives an overview how the chain of trust works, of potential attack vectors, presents remedies that were tried and explains why they were largely unsuccessful. Finally a solution is presented how the rest of us can also regain control with a Firefox plugin that pins certificates of our choosing and warns when nasty things happen.