Secure your URLSession network requests using Certificate Pinning (erezhod.com)
6 points by erezhod 11 hours ago | 4 comments
cph123 an hour ago | parent | next [-]

This means I will need to update the app when the certificate changes on the server, i.e. it has expired and needs to be renewed.

erezhod 11 hours ago | parent | prev [-]

In a world of growing cyber threats, securing your app’s communication is critical. Learn how to implement Certificate Pinning in Swift with URLSession in order to protect your iOS or macOS apps from man-in-the-middle attacks and keep user data safe.

westurner 2 hours ago | parent [-]

Does other software support specifying a CA bundle per domain or cert pinning?

Should FIPS specify a more limited CA cert bundle and/or cert pinning that users manage?

When the user approves a self-signed cert in the browser, isn't that cert pinning but without PKI risks and assurances?

What about CRL and OCSP; over what channel do they retrieve the cert revocation list; and can CT Certificate Transparency on a blockchain to the browser do better at [pinned] cert revocation?

westurner 2 hours ago | parent [-]

Also probably relevant to these objectives:

"Chrome switching to NIST-approved ML-KEM quantum encryption" (2024) https://www.bleepingcomputer.com/news/security/chrome-switch...

"A new path for Kyber on the web" (2024) https://security.googleblog.com/2024/09/a-new-path-for-kyber...

Does Swift yet support ML-KEM too?