On 27/09/16 00:26, Kathleen Wilson wrote:
>> "Certificate ID" seems like entirely the wrong name for this field,
>> given that it [SHA-256(der(subject) + der(spki))] doesn't actually
>> identify a unique certificate!
>> Indeed, the whole point of having this
>> field seems to be to identify _multiple_ related certificates.
>
> Correct
>
>> Why not call it "SHA-256(Subject + SPKI)" instead?
>
> That doesn't leave room for changing the algorithm if we decide it needs to
> be changed to better identify the same logical certs.
>
> I'm open to suggestions on a better name.

How about "CA Fingerprint"?

Peter's "CA ID" suggestion is definitely better than "Certificate ID".
However, since crt.sh already has an integer "CA ID" field, I'd prefer
to call this Salesforce field "CA Fingerprint" to avoid potential
confusion for folks who use both systems.

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
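
Added example (not part of the original thread, and not code from Mozilla, Salesforce or crt.sh): the value quoted above, SHA-256(der(subject) + der(spki)), computed in Python over three constructed certificate-shaped DER structures, showing that a self-signed and a cross-signed certificate for the same CA name and key share one value. All function names, sample names and key bytes are assumptions made for illustration; the samples are unsigned placeholders, not real certificates.

```python
import hashlib

def tlv(tag, body):
    """DER-encode one element with a definite length."""
    n = len(body)
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + head + body

def children(der):
    """Raw encodings (header included) of the elements nested in der."""
    def span(pos):  # (body_start, end) of the element starting at pos
        k = der[pos + 1]
        if k < 0x80:
            return pos + 2, pos + 2 + k
        start = pos + 2 + (k & 0x7F)
        return start, start + int.from_bytes(der[pos + 2:start], "big")
    (pos, end), out = span(0), []
    while pos < end:
        nxt = span(pos)[1]
        out.append(der[pos:nxt])
        pos = nxt
    return out

def subject_spki_hash(cert_der):
    """SHA-256(der(subject) + der(spki)), the value discussed in the thread."""
    fields = children(children(cert_der)[0])   # elements of tbsCertificate
    if fields[0][0] == 0xA0:                   # optional [0] version
        fields = fields[1:]
    subject, spki = fields[4], fields[5]       # after serial, sigAlg, issuer, validity
    return hashlib.sha256(subject + spki).hexdigest()

# --- Constructed sample data: unsigned certificate-shaped DER, placeholder keys ---
SEQ, SET, INT, OID, NULL, UTF8, UTC, BITS = 0x30, 0x31, 2, 6, 5, 0x0C, 0x17, 3
def name(cn):  # Name holding a single commonName (OID 2.5.4.3)
    return tlv(SEQ, tlv(SET, tlv(SEQ, tlv(OID, b"\x55\x04\x03") + tlv(UTF8, cn.encode()))))

def make_cert(serial, issuer_cn, subject_cn, key, not_after):
    alg = lambda oid: tlv(SEQ, tlv(OID, bytes.fromhex(oid)) + tlv(NULL, b""))
    spki = tlv(SEQ, alg("2a864886f70d010101") + tlv(BITS, b"\x00" + key))
    validity = tlv(SEQ, tlv(UTC, b"160101000000Z") + tlv(UTC, not_after))
    tbs = tlv(SEQ, tlv(0xA0, tlv(INT, b"\x02")) + tlv(INT, bytes([serial]))
              + alg("2a864886f70d01010b") + name(issuer_cn) + validity + name(subject_cn) + spki)
    return tlv(SEQ, tbs + alg("2a864886f70d01010b") + tlv(BITS, bytes(33)))

KEY = bytes(range(64))  # placeholder key bits, not a real public key
root = make_cert(1, "Example CA", "Example CA", KEY, b"260101000000Z")
cross = make_cert(2, "Other Root", "Example CA", KEY, b"210101000000Z")
rekeyed = make_cert(3, "Example CA", "Example CA", KEY[::-1], b"260101000000Z")
```

Here root and cross differ in serial number, issuer and validity yet hash to the same value, while rekeyed (same subject, different key) does not.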

