I just read the following statement in a technical guideline about network-accessible mobile devices with medical applications (BSI TR 03161):
> The application MUST verify the integrity of the back end before accessing it
with reference to:
> The application MUST support certificate pinning, i.e. it SHALL NOT accept certificates whose certificate chain does not appear trustworthy to the manufacturer [RFC7469].
and also:
> The application MUST validate the integrity of the backend responses
What possibilities are there for an application to verify the integrity of a back end, resp. its responses?
As far as I understand it, certificate pinning is used to validate authenticity and to aid confidentiality. However, a compromised back end with compromised keys and manipulated data (thus not providing integrity) could still send a valid certificate. Regarding the back end's responses, I find multiple ways of interpreting this.
- The integrity could refer to validity of a protocol
- The integrity could refer to data being logically valid
Or am I misinterpreting the statement?
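As an added illustration of the distinction the question draws (example code, not from the post or from TR 03161): the pin check is RFC 7469's SPKI hash of the presented leaf and establishes only whose key is on the other end, while a response-integrity check is a separate verification over the body. The throwaway self-signed certificate, the sample body and the choice to reuse the TLS key as the signing key are all constructed assumptions for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// spkiPin is the RFC 7469 pin of a certificate: base64(SHA-256(SubjectPublicKeyInfo DER)).
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}
// pinMatches is the authenticity check: is the leaf's key one the app ships a pin for?
// It says nothing about whether the bytes the backend sends afterwards are intact.
func pinMatches(cert *x509.Certificate, pins map[string]bool) bool {
	return pins[spkiPin(cert)]
}
// signBody is the backend side: a detached ECDSA signature over SHA-256 of the response body.
func signBody(key *ecdsa.PrivateKey, body []byte) []byte {
	h := sha256.Sum256(body)
	sig, _ := ecdsa.SignASN1(rand.Reader, key, h[:])
	return sig
}
// verifyResponse is the separate integrity check on the body, using the pinned key
// (reusing the TLS key as signing key is an assumption that keeps the example short).
func verifyResponse(cert *x509.Certificate, body, sig []byte) bool {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	h := sha256.Sum256(body)
	return ok && ecdsa.VerifyASN1(pub, h[:], sig)
}
// selfSignedCert builds a constructed throwaway certificate standing in for the backend.
func selfSignedCert() (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func main() {
	cert, key := selfSignedCert()
	body := []byte(`{"dose_mg":5}`) // constructed sample response
	fmt.Println(pinMatches(cert, map[string]bool{spkiPin(cert): true}), verifyResponse(cert, body, signBody(key, body)))
}
```

A leaf from a different key fails the pin even if its chain validates, and a body altered after signing fails the second check even though the pin still matches; neither check helps once the signing key itself is compromised, which is the gap the question points at.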