> Keep in mind certificate pinning is a fairly (very!) recent
> addition to the internet security landscape
As with much technology, it is a re-invention of how we used to do things.
Many corporate websites still use client-side certificates to ensure that the client is talking to the correct server.
In the early days of Internet banking, some bank sites used to do the same; I received a cert from my bank on a shiny 'CD-ROM'. Sadly they discontinued that validation along with publishing their PGP key for secure e-mail. A step backwards.