Comment by Beldin
1 year ago
> that's what your HTTPS certificate is for.
Not really... That certificate doesn't go back in time. If a domain expires, an attacker could reregister it under their name and get a valid certificate.
You'd be downloading from the right domain name with a valid HTTPS certificate, but you're not downloading from the same place as before.
> That certificate doesn't go back in time.
It does, kind of, if it's pinned.
HPKP doesn't have a ton of adoption and only works in browsers. So this does nothing for curl, wget, pip.