Cert pinning with short-lived keys
Due to the frequent refreshing of certificates (LetsEncrypt) and the not-so-frequent updating of the app, the pinning in the Android app breaks too often. The current version is from 2015, and we're now on the third cert on demo.bitmask.net. There's no way to deal with cert updates.
This pinning is for contacting provider.tld/provider.json; we can expect people to keep using CA certificates for their website, implying there's a chain. What about adding a second key, for example from the CA? According to the documentation, that's possible:

    // Define an array of pins. One of these must be present
    // in the certificate chain you receive. A pin is a hex-encoded
There are arguments pro and contra, bring them on!
(from redmine: created on 2016-09-09, closed on 2016-09-20)
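Added illustration, not code from the Bitmask app or from the pinning library quoted above: a standalone Go program (standard library only) that builds a throwaway CA and a leaf cert for demo.bitmask.net, pins by SubjectPublicKeyInfo hash, renews the leaf with a fresh key the way an ACME client does, and then checks which pin sets still accept the renewed chain. The "Demo Root CA", the helper names, and SHA-256 as the pin hash are all assumptions made for the example. It also shows the check a practitioner wants around "one of these must be present in the chain": the pin lookup runs over the chain that X.509 path validation has already accepted, not over whatever chain the peer sent, otherwise an impostor could simply append the pinned CA cert to its own chain.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// spkiPin is the hex SHA-256 of the cert's SubjectPublicKeyInfo: a pin on the
// key, not on the whole certificate. (SHA-256 is an assumption; the library the
// ticket quotes may use a different hash.)
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// pinnedChainOK runs ordinary X.509 path validation first (hostname, validity,
// signatures back to a trusted root) and only then asks whether ANY cert in the
// validated chain carries a pinned key. Matching pins against the unvalidated
// chain the peer presented would let an attacker append the pinned CA cert to a
// rogue chain and pass.
func pinnedChainOK(leaf *x509.Certificate, roots *x509.CertPool, host string, pins []string) (bool, error) {
	chains, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	if err != nil {
		return false, err
	}
	for _, c := range chains[0] {
		for _, p := range pins {
			if spkiPin(c) == p {
				return true, nil
			}
		}
	}
	return false, fmt.Errorf("no pinned key in validated chain")
}

// issue mints a fresh P-256 key and certificate for cn, signed by parent, or
// self-signed when parent is nil. Constructed throwaway PKI, not Bitmask's certs.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey, isCA bool) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(90 * 24 * time.Hour), // LetsEncrypt-style lifetime
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		tmpl.NotAfter = time.Now().Add(10 * 365 * 24 * time.Hour)
	} else {
		tmpl.DNSNames = []string{cn} // Go's Verify matches SANs, not the CN
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	signer, signerKey := parent, parentKey
	if parent == nil { // self-signed: the template signs itself
		signer, signerKey = tmpl, key
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// Outcome records which pin sets still accept demo.bitmask.net once its leaf
// cert (and key) has been renewed, and whether a self-signed impostor is still
// rejected when the pin set contains the CA key.
type Outcome struct {
	LeafPinBeforeRenewal, LeafPinAfterRenewal, CAPinAfterRenewal, RogueRejected bool
}

func RotationDemo() Outcome {
	const host = "demo.bitmask.net"
	ca, caKey := issue("Demo Root CA", nil, nil, true)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	old, _ := issue(host, ca, caKey, false)
	renewed, _ := issue(host, ca, caKey, false) // renewal with a brand-new key
	rogue, _ := issue(host, nil, nil, false)    // self-signed impostor for the same name
	leafOnly := []string{spkiPin(old)}
	withCA := []string{spkiPin(old), spkiPin(ca)} // the "second key" proposed above
	var o Outcome
	o.LeafPinBeforeRenewal, _ = pinnedChainOK(old, roots, host, leafOnly)
	o.LeafPinAfterRenewal, _ = pinnedChainOK(renewed, roots, host, leafOnly)
	o.CAPinAfterRenewal, _ = pinnedChainOK(renewed, roots, host, withCA)
	rogueOK, _ := pinnedChainOK(rogue, roots, host, withCA)
	o.RogueRejected = !rogueOK
	return o
}

func main() { fmt.Printf("%+v\n", RotationDemo()) }
```

Two caveats the example makes visible: a pin on an intermediate's key only survives for as long as the CA keeps signing with that intermediate, so pin the root key or several keys and ship a backup pin you control; and the pin check must only ever run after normal chain validation, since the pin set is a restriction on top of the CA check, not a replacement for it.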