
Comment by Beldin

1 year ago

> that's what your HTTPS certificate is for.

Not really... That certificate doesn't go back in time. If a domain expires, an attacker could reregister it under their name and get a valid certificate.

You'd be downloading from the right domain name with a valid HTTPS certificate, but you're not downloading from the same place as before.

> That certificate doesn't go back in time.

It does, kind of, if it's pinned.

  • HPKP doesn't have a ton of adoption and only works in browsers. So this does nothing for curl, wget, pip
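The scenario the thread describes, as an added example that is not part of the original comments: two self-signed certificates are generated locally for the same subject name, one standing in for the original owner and one for whoever registers the name after it lapses. Both are equally "valid for the name", but a public-key pin recorded from the first (the base64 SHA-256 SPKI digest that HPKP `pin-sha256` values and curl's `--pinnedpubkey` option are expressed in) rejects the second. The file names, the `example.com` subject and the helper functions are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: pin a certificate's public key (SHA-256 over the DER
# SubjectPublicKeyInfo, base64 encoded) and compare the pin across two
# certificates issued for the same name. Everything here is generated
# locally and offline; "example.com" is only the subject name being simulated.
set -e

WORK=$(mktemp -d)

# Hypothetical: the original owner's certificate for example.com.
openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
  -subj "/CN=example.com" -days 1 \
  -keyout "$WORK/owner.key" -out "$WORK/owner.crt" 2>/dev/null

# Hypothetical: the certificate a later registrant obtains for the same name
# after the domain expires. Same name, different key pair.
openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
  -subj "/CN=example.com" -days 1 \
  -keyout "$WORK/newowner.key" -out "$WORK/newowner.crt" 2>/dev/null

# spki_pin CERT.pem: print base64(SHA-256(DER SubjectPublicKeyInfo)).
spki_pin() {
  openssl x509 -in "$1" -pubkey -noout \
    | openssl pkey -pubin -outform DER 2>/dev/null \
    | openssl dgst -sha256 -binary \
    | openssl base64 -A
}

# check_pin CERT.pem EXPECTED_PIN: succeed only if the key matches the pin.
check_pin() {
  actual=$(spki_pin "$1")
  [ "$actual" = "$2" ]
}

# Pin recorded while the domain was still held by the party we trusted.
PIN=$(spki_pin "$WORK/owner.crt")

# Later connections: the name is the same, only the original key passes.
if check_pin "$WORK/owner.crt" "$PIN"; then
  echo "owner.crt: pin OK"
fi
if ! check_pin "$WORK/newowner.crt" "$PIN"; then
  echo "newowner.crt: pin MISMATCH (valid name, different key)"
fi
```

The pin ties trust to a key rather than to a name, which is the property a domain-validated certificate alone does not give once the name changes hands; the cost is that the recorded pin must be rotated deliberately whenever the legitimate operator changes keys.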