Validating identity problem
Others who actively engage in pinning include Google and its browser Chrome.
Chrome was successful in detecting the DigiNotar compromise, which uncovered suspected interception by the Iranian government on its citizens.
Users, developers, and applications expect end-to-end security on their secure channels, but some secure channels are not meeting the expectation.
Specifically, channels built using well-known protocols such as VPN, SSL, and TLS can be vulnerable to a number of attacks.
The Canada Revenue Agency (CRA) may send you a questionnaire or a letter asking for documents to confirm that we have correct and up-to-date information for you.
While organizations that control their own DNS and CA have likely reduced risk to trivial levels under most threat models, users and developers who depend on others' DNS and a public CA hierarchy are exposed to non-trivial amounts of risk.
If you need help or you’re having problems getting the documents we are asking for, or if you need more time to get the documents, call the telephone number provided in the letter or call 1-800-387-1193.
If you need a copy of the questionnaire or letter the CRA sent you, call 1-800-387-1193.
For those familiar with SSH, you should realize that public key pinning is nearly identical to SSH's option.
SSH had it right the entire time, and the rest of the world is beginning to realize the virtues of directly identifying a host or service by its public key.