2023-07-21 14:53:42

wakoinc on Nostr: Not talking strictly HTTPS. Even so, when have you been directly notified by an app ...

Not talking strictly HTTPS. Even so, when have you been directly notified by an app when they updated their pinned certificate? Or even having visibility to a currently pinned certificate and its expiry?

It’s not even the key exchange security - that’s largely solved. It’s the swap out and zero-visibility attacks.

I’m largely targeting WhatsApp, Apple iMessages and FaceTime, and whatever large corp constantly uses a few buzzwords that are literally meaningless.

I hope we can do better on Nostr, once key rotation is more mature. We need greater transparency around security-related changes. I’m unsure how to include them outside of the app itself - which shouldn’t be trusted.
Author Public Key
npub1ktw5qzt7f5ztrft0kwm9lsw34tef9xknplvy936ddzuepp6yf9dsjrmrvj