On Nov 18, 2013, at 2:49 AM, Theodore Ts'o <tytso@xxxxxxx> wrote: > > One of the reasons why the bogus Diginotar certificates were detected > was because Google Chrome had a feature called "certificate pinning" > --- which is not a feature normally associated with PKI's. It's > unfortunately not all that scalable, since it involved hard-coding > certificates, or their hashes, in the browser binary. The challenge > is coming up with a solution that *is* more scalable, and less > dependent on trusting that CA's are competently run. Pinning every HTTPS certificate on the planet is not scalable. What you *can* do is have each site pin their site. That's the point of HPKP ([1]). For this to work, you need to at some point be without the MITM. I guess that wouldn't help you much where MITM are pervasive, like Iran or Syria, but it would work where attacks are the exception. Another option in DANE. That has its own DNSSEC trust chain, and I don't know whether it's more or less vulnerable to interference when compared to the web PKI. Yoav [1] http://tools.ietf.org/html/draft-ietf-websec-key-pinning