Securing SSL with *.appspot.com: How do I know when Google will change its public key?

I have an iOS application that is going to live in the App Store, which uses the Google App Engine as a server. The binary file of the application contains the *.appspot.com wildcard certificate, which allows me to require SSL binding of any HTTPS connection using the public key of the certificate. This helps prevent human-in-the-middle attacks on my connection with the client and server.

When I installed this, I knew that Google had used its *.appspot.com certificates every month or two. However, I expected appspot.com to use the same public key month after month so that the connection between my application and the server would not be broken.

However, in the latest certificate, without warning, Google changed its public key. Now my application is DOA, because the connection with my server is on. Am I trying to use SSL binding using the *.appspot.com certificate? Does Google tell developers when they are about to change their public key? Should I use my own certificate instead of a custom domain?

+4
2 answers

, ( , Cloud tech), . :

SSL *.appspot.com. ?

.

Google , ?

, .

?

, . , - .

: - - -? , , 5% , , ? , PIN-, , - , , , ; , , "bricking" , ...

+6

, Google ?

Google , - . .

, , , , . .

Google / (30 ), CRL ( ). .


Google

, , . ? Google (Google Internet Authority G2), CA (GeoTrust Global CA) ?

Google Android 4.2 Pinning. Google .


DOA, . SSL *.appspot.com. ?

, , . , - , , HTTP (HPKP).

CA/B ( ) EV, Google CA/B ( CA/B, IETF, ).

Google HPKP? ( , SST/TLS HPKP ).


... IETF HTTP. RFC HPKP. IETF , CA/B, .

, RFC. , , :

  • - .

, . , - W3C ( , . ).

IETF -ietf-websec-key-pinning.

+3
