> "Certificate ID" seems like entirely the wrong name for this field,
> given that it [SHA-256(der(subject) + der(spki))] doesn't actually
> identify a unique certificate!
> Indeed, the whole point of having this
> field seems to be to identify _multiple_ related certificates.

Correct

> Why not call it "SHA-256(Subject + SPKI)" instead?

That doesn't leave room for changing the algorithm if we decide it needs to be changed to better identify the same logical certs.

I'm open to suggestions on a better name.

Kathleen

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
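An added example, not part of the original message or of any Mozilla code: it computes the quoted SHA-256(der(subject) + der(spki)) value and shows two distinct certificates sharing it. It assumes the hash is taken over the raw DER of the subject Name and SubjectPublicKeyInfo; the helper names are hypothetical and the toy certificates are constructed, unsigned stand-ins.

```python
import hashlib

def tlv(tag, content):
    """DER-encode one element with a definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def split(buf):
    """Return (raw TLV, content) for each element in buf (single-byte tags only)."""
    out, i = [], 0
    while i < len(buf):
        start, n, i = i, buf[i + 1], i + 2
        if n & 0x80:                      # long-form length
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated DER")
        out.append((buf[start:i + n], buf[i:i + n]))
        i += n
    return out

def subject_spki_id(cert_der):
    """SHA-256(der(subject) + der(spki)), as described in the quoted text."""
    tbs = split(split(cert_der)[0][1])[0][1]      # Certificate -> tbsCertificate
    fields = split(tbs)
    if fields[0][0][0] == 0xA0:                   # optional [0] version
        fields = fields[1:]
    # remaining order: serial, signature, issuer, validity, subject, spki
    return hashlib.sha256(fields[4][0] + fields[5][0]).hexdigest()

def toy_cert(serial, issuer_cn, subject_cn, key):
    """Constructed, unsigned stand-in with the X.509 field layout (hypothetical helper)."""
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a8648ce3d0201")))
    validity = tlv(0x30, tlv(0x17, b"200101000000Z") * 2)
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial])) + alg
              + name(issuer_cn) + validity + name(subject_cn) + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00sig"))

# Same subject and key, issued by two different roots (constructed sample data).
A = toy_cert(1, b"Root One", b"Example Intermediate CA", b"K" * 65)
B = toy_cert(2, b"Root Two", b"Example Intermediate CA", b"K" * 65)
C = toy_cert(3, b"Root One", b"Example Intermediate CA", b"Q" * 65)  # re-keyed

if __name__ == "__main__":
    for label, cert in (("A", A), ("B", B), ("C", C)):
        print(label, hashlib.sha256(cert).hexdigest()[:16], subject_spki_id(cert)[:16])
```

A and B have different whole-certificate fingerprints but the same subject+SPKI hash, while the re-keyed C gets a different one.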

