element-hq / element-meta

Shared/meta documentation and project artefacts for Element clients

should we pin non-self-signed TLS certs? #1142

Open ara4n opened 7 years ago

ara4n commented 7 years ago

Much drama over at https://medium.com/@pepelephew/how-to-intercept-all-wire-voice-and-video-calls-13da1246675c#.aa9txx9r1 because Wire don't pin their TLS certs (and also don't seem to put their VoIP signalling over axolotl). AIUI this means that an attacker can load a fake CA root cert onto a device, serve up bogus DNS with a bogus cert, and happily MITM away. Given we support cert pinning for self-signed certs (on iOS & Android at least), should we also do so for CA-signed ones too?

ara4n commented 7 years ago

This is really a bug for iOS & Android, given on Web I don't think we have any choice other than to trust the browser to detect TLS foul play (e.g. we can't get at the server's TLS details short of craziness like https://github.com/digitalbazaar/forge/blob/master/README.md, and I don't think that @tomrittervg's proposal at https://lists.w3.org/Archives/Public/public-webcrypto-comments/2013Feb/0000.html ever landed).

It's worth noting that this would only really make sense on electron, given that if someone has MITMed the cert they could equally well be serving us malicious JS too (unless we also get on and implement some kind of secure javascript bootloader like hyperboot - c.f. https://github.com/vector-im/riot-web/issues/2739, but none of those are perfect either).
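
For the Electron/Node case raised in this thread, the following is an added example (not part of the issue and not Element's code) of pinning a CA-signed certificate's public key on top of the normal chain and hostname checks. The names `spkiPin`, `makePinnedCheck`, `fakePeerCert` and the host `matrix.example` are hypothetical, and the certificate objects are constructed stand-ins for what Node passes to `checkServerIdentity`.

```javascript
const crypto = require('crypto');
const tls = require('tls');

// Pin format: base64(SHA-256(DER-encoded SubjectPublicKeyInfo)).
function spkiPin(spkiDer) {
  return crypto.createHash('sha256').update(spkiDer).digest('base64');
}

// Builds a checkServerIdentity callback for tls.connect()/https.request().
// Node calls it only after the chain has validated against the trust store,
// so a chain issued under a user-installed root reaches this point too.
function makePinnedCheck(pins) {
  const pinSet = new Set(pins);
  return function checkServerIdentity(host, cert) {
    const err = tls.checkServerIdentity(host, cert); // usual hostname check
    if (err) return err;
    // Accept if the leaf or any issuer in the presented chain carries a pinned key.
    // A self-signed root points at itself, which ends the walk.
    for (let c = cert, prev = null; c && c !== prev; prev = c, c = c.issuerCertificate) {
      if (c.pubkey && pinSet.has(spkiPin(c.pubkey))) return undefined;
    }
    return new Error(`certificate for ${host} matches no pinned key`);
  };
}

// Constructed stand-in for the peer certificate object (assumption: only the
// fields used by the checks above are populated).
function fakePeerCert(host, publicKey) {
  return {
    subject: { CN: host },
    subjectaltname: `DNS:${host}`,
    pubkey: publicKey.export({ type: 'spki', format: 'der' }),
  };
}

function demo() {
  const host = 'matrix.example'; // hypothetical homeserver name
  const newKey = () =>
    crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }).publicKey;
  const genuine = fakePeerCert(host, newKey());
  const rogue = fakePeerCert(host, newKey()); // same name, different key and issuer
  const check = makePinnedCheck([spkiPin(genuine.pubkey)]);
  return {
    genuine: check(host, genuine),               // undefined: accepted
    rogue: check(host, rogue),                   // Error: pin mismatch
    wrongHost: check('other.example', genuine),  // Error: hostname mismatch
  };
}

console.log(demo());
```

Pinning an intermediate or a backup key alongside the leaf key lets the server rotate its certificate without locking out shipped clients.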