Ensures that our users are safer from Government / Network surveillance
Version: unspecified
Severity: enhancement
Ensures that our users are safer from Government / Network surveillance
Version: unspecified
Severity: enhancement
Do we actually need to pin the cert, or just make sure it's valid?
When we legitimately change certs (expiration, configuration change, etc) we don't want to scare users with a warning...
It is already requires to be valid.
We should perhaps start a larger conversation about cert pinning. I will investigate how other browsers and apps do pinning when I'm back online.