MRMCD 2019

Certificate Pinning For The Rest Of Us
2019-09-14, 18:10–18:40, Park Lane

A talk about the utterly broken chain of trust of SSL/TLS certificates and certificate pinning in the browser as a means to take back control.


Web browser developers have been betrayed by the SSL/TLS chain of trust more than once in the past. As a result, they are now pinning their own certificates, which means that they only trust a particular issuer. This talk gives an overview of how the chain of trust works and of potential attack vectors, presents remedies that were tried, and explains why they were largely unsuccessful. Finally, a solution is presented that lets the rest of us regain control as well, with a Firefox plugin that pins certificates of our choosing and warns when nasty things happen.