Viktor Dukhovni:
> On Tue, Oct 22, 2013 at 11:07:07AM +0200, Tobias Reckhard wrote:
>
> > Maybe fingerprinting would work, though. I'll give it a shot on a test
> > system. Thanks for the suggestion.
>
> Fingerprinting the leaf certificate will work until the next time
> they deploy a new leaf certificate without notifying you in advance.
> This is because fingerprint security does not rely on a valid chain
> of signatures from a trusted root, but does depend on matching the
> exact certificate or public key.
Presumably, this would not be a problem with public-key fingerprints
until they change the key itself.
Wietse
