Steven Bellovin writes: > The only Chrome browser I have lying around right now is on a Nexus 7 tablet; > I don't see any way to list the pinned certs from the browser. There is a > list at http://www.chromium.org/administrators/policy-list-3, and while I > don't know how current it is you'll notice a decided dearth of interesting > sites with the exceptions of paypal.com and lastpass.com.
You can see the current list of cert pins and HSTS preloads in the Chromium source tree at https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state_static.h?view=markup or https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state_static.json?view=markup -- Seth David Schoen <sch...@loyalty.org> | No haiku patents http://www.loyalty.org/~schoen/ | means I've no incentive to FD9A6AA28193A9F03D4BF4ADC11B36DC9C7DD150 | -- Don Marti