On Nov 1, 2012 5:23 PM, "Jeffrey Walton" <[email protected]> wrote:
>
> Hi All,
>
> I was reading through Public Key Pinning Extension for HTTP
> (draft-ietf-websec-key-pinning-01,
> http://tools.ietf.org/html/draft-ietf-websec-key-pinning-01).
>
> Section 3.1. Backup Pins, specifies that a backup should be available
> in case something goes awry with the current pinset. The backup pinset
> is a hash of undisclosed certificates or keys. Appendix A. Fingerprint
> Generation, then offers a program to hash a PEM-encoded certificate.
<snip>
> Would it be
> better to retain a hash of the public key instead since the public key
> rarely changes?
Or perhaps public key plus SubjectDN since that also rarely changes??? At least it would still allow us to associate the two.

-kevin
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
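The three fingerprint choices discussed in this thread (hash of the whole certificate as in the draft's appendix, hash of the public key alone as Jeffrey suggests, and hash of the public key plus the Subject DN as Kevin suggests) behave differently when a site renews or re-keys. The following Go program is an added illustration, not code from the draft or from either poster: it issues throwaway self-signed certificates and reports which pin survives a renewal with the same key, a re-key, and a key reused under a different subject. The `SPKISubjectPin` encoding (SPKI DER followed by Subject DER, then SHA-256) is my own choice for Kevin's variant; the draft defines no such pin. The later RFC 7469 settled on hashing the SubjectPublicKeyInfo.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Pins holds the three fingerprint styles compared in the thread.
type Pins struct {
	CertPin        string // SHA-256 over the DER certificate (what the draft's Appendix A hashes)
	SPKIPin        string // SHA-256 over the DER SubjectPublicKeyInfo (key only)
	SPKISubjectPin string // SHA-256 over SPKI || Subject DN (Kevin's variant; encoding is my assumption)
}

func b64(sum [32]byte) string { return base64.StdEncoding.EncodeToString(sum[:]) }

// PinsFromPEM takes one PEM certificate, as the appendix program does, and computes all three pins.
func PinsFromPEM(pemBytes []byte) (Pins, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return Pins{}, errors.New("no CERTIFICATE block in input")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return Pins{}, err
	}
	var spkiSubject bytes.Buffer
	spkiSubject.Write(cert.RawSubjectPublicKeyInfo)
	spkiSubject.Write(cert.RawSubject)
	return Pins{
		CertPin:        b64(sha256.Sum256(cert.Raw)),
		SPKIPin:        b64(sha256.Sum256(cert.RawSubjectPublicKeyInfo)),
		SPKISubjectPin: b64(sha256.Sum256(spkiSubject.Bytes())),
	}, nil
}

// selfSigned issues a short-lived self-signed certificate for key and returns it PEM-encoded.
// These certificates are constructed for the demo only.
func selfSigned(key *ecdsa.PrivateKey, serial int64, cn string) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

// Comparison reports, for each pin style, whether the pin computed from the old
// certificate still matches the new one.
type Comparison struct{ Cert, SPKI, SPKISubject bool }

// Scenario issues an "old" and a "new" certificate (different serial numbers, so the
// certificate bytes always change) and compares the pins. sameKey controls whether the
// new certificate reuses the old key; cnA/cnB are the two Subject CommonNames.
func Scenario(sameKey bool, cnA, cnB string) (Comparison, error) {
	keyA, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Comparison{}, err
	}
	keyB := keyA
	if !sameKey {
		if keyB, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
			return Comparison{}, err
		}
	}
	pemA, err := selfSigned(keyA, 1, cnA)
	if err != nil {
		return Comparison{}, err
	}
	pemB, err := selfSigned(keyB, 2, cnB)
	if err != nil {
		return Comparison{}, err
	}
	a, err := PinsFromPEM(pemA)
	if err != nil {
		return Comparison{}, err
	}
	b, err := PinsFromPEM(pemB)
	if err != nil {
		return Comparison{}, err
	}
	return Comparison{a.CertPin == b.CertPin, a.SPKIPin == b.SPKIPin, a.SPKISubjectPin == b.SPKISubjectPin}, nil
}

func main() {
	for _, s := range []struct {
		name     string
		sameKey  bool
		cnA, cnB string
	}{
		{"renewal (same key, same subject)", true, "pin.example", "pin.example"},
		{"rekey (new key, same subject)", false, "pin.example", "pin.example"},
		{"same key, new subject", true, "pin.example", "other.example"},
	} {
		c, err := Scenario(s.sameKey, s.cnA, s.cnB)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-34s cert pin kept=%-5v spki pin kept=%-5v spki+subject pin kept=%v\n",
			s.name, c.Cert, c.SPKI, c.SPKISubject)
	}
}
```

A plain certificate pin breaks on every renewal because the serial number and signature change even when nothing else does, which is why a site would have to rotate its pinset on each re-issue. The SPKI pin survives renewal and only breaks on a re-key, which is the event a pin is meant to detect; adding the Subject DN makes the pin also break when the same key appears under a different name, which is the association Kevin is after, at the cost of breaking on an innocuous DN change.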
