On 2/20/22, grarpamp <[email protected]> wrote: >> how pubkey pinning differs from that much > > Try pinning google's, or any letsencrypt, end service full DER certs, > it's a maintenance headache because they're constantly changing. > Pinning google's intermediate certs (pubkey or full DER), or the LE > end service pubkeys, can reduce maintenance, with same security.
I had thought cert pinning was a normal further step after use of CA certs. How long's google been rotating their certs? Do you have a link regarding this?
