SSL Pinning Vs Certificate Transparency

gaurav wadhwa

Jun 11, 2023, 4:24:39 AM
to certificate-transparency
Hi Team

Hope you all are doing good!

Considering certain drawbacks of SSL pinning (continuity of the app), I would like to understand the following:
  1. If an organisation can consider replacing SSL pinning with Certificate Transparency itself on an Android / iOS app
  2. If yes, would like to understand if it provides a similar level of protection to the app
  3. Is there any disadvantage of doing Certificate Transparency over SSL pinning
  4. If you know any organizations who are moving to Certificate Transparency over SSL pinning of a mobile app

Regards, 
Gaurav

Bas Westerbaan

Jun 11, 2023, 9:38:12 AM
to certificate-...@googlegroups.com
Pinning and CT serve two different purposes, and it's a bit weird to compare them as security measures.

CT does not directly prevent misissuance: it only helps to detect it if it happens. You can read more here: https://certificate.transparency.dev/

If you control both sides and can pin a leaf or (intermediate) CA, that's a strictly better measure, as it actually directly prevents certain bad situations.

Best,

 Bas
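
Added example, not part of either post above: an Android Network Security Configuration that pins an intermediate CA key and addresses the continuity drawback raised in the question by carrying a backup pin and an expiration date. The host name, the date and both pin values are constructed placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml, referenced from the manifest via
     android:networkSecurityConfig="@xml/network_security_config" -->
<network-security-config>
    <domain-config>
        <!-- Constructed host name; replace with the API host the app talks to -->
        <domain includeSubdomains="true">api.example.com</domain>

        <!-- expiration (constructed date): after this day the platform stops
             enforcing the pins, so installs that were never updated fall back
             to ordinary CA validation instead of losing connectivity -->
        <pin-set expiration="2024-06-11">
            <!-- Placeholder: base64 of SHA-256 over the SubjectPublicKeyInfo
                 of the intermediate CA that issues the server certificate -->
            <pin digest="SHA-256">PLACEHOLDER_CURRENT_INTERMEDIATE_SPKI_SHA256=</pin>

            <!-- Placeholder: backup pin for a key that is not yet in service,
                 so a CA or key change does not require an emergency release -->
            <pin digest="SHA-256">PLACEHOLDER_BACKUP_SPKI_SHA256=</pin>
        </pin-set>
    </domain-config>
</network-security-config>
```

A chain is accepted when any certificate in it matches one of the pins; a pin-set with a single leaf pin and no expiration is the form that breaks the app on every certificate rotation.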