[cryptography] Public Key Pinning Extension for HTTP (draft-ietf-websec-key-pinning-01)
Kevin W. Wall
kevin.w.wall at gmail.com
Thu Nov 1 18:07:34 EDT 2012
On Nov 1, 2012 5:23 PM, "Jeffrey Walton" <noloader at gmail.com> wrote:
> Hi All,
> I was reading through Public Key Pinning Extension for HTTP
> Section 3.1. Backup Pins, specifies that a backup should be available
> in case something goes awry with the current pinset. The backup pinset
> is a hash of undisclosed certificates or keys. Appendix A. Fingerprint
> Generation, then offers a program to hash a PEM encoded certificate.
> Would it be better to retain a hash of the public key instead since the
> public key rarely changes?
Or perhaps public key plus SubjectDN, since that also rarely changes?
At least that would still allow us to associate the two.
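The distinction this thread turns on, as an added example that is not part of either message or of the draft: a pin computed over the whole certificate changes when the certificate is reissued, while a pin computed over the SubjectPublicKeyInfo survives reissue with the same key. Assumptions: SHA-256 with base64 for the pin, hypothetical helper names, and constructed certificate-shaped DER rather than real signed certificates.

```python
import base64, hashlib

def tlv(tag, body):
    """Encode one DER element (short or long definite length)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def read(buf, off):
    """Return (tag, value_start, value_end) for the element at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[off], buf[off + 1]
    k = first & 0x7F if first & 0x80 else 0
    n = int.from_bytes(buf[off + 2:off + 2 + k], "big") if k else first
    start = off + 2 + k
    if (first & 0x80 and k == 0) or start + n > len(buf):
        raise ValueError("bad DER length")
    return tag, start, start + n

def spki_der(cert):
    """Slice SubjectPublicKeyInfo (header included) out of a DER certificate."""
    _, off, _ = read(cert, 0)        # Certificate SEQUENCE
    _, off, end = read(cert, off)    # TBSCertificate SEQUENCE
    fields = []
    while off < end:
        tag, _, nxt = read(cert, off)
        fields.append((tag, off, nxt))
        off = nxt
    # version [0] is optional; SPKI follows serial, sigAlg, issuer, validity, subject
    _, a, b = fields[6 if fields[0][0] == 0xA0 else 5]
    return cert[a:b]

def pin(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

# Constructed sample data: certificate-shaped DER, not real signed certificates.
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
NAME = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"example.test"))))
SPKI = tlv(0x30, ALG + tlv(0x03, b"\x00" + bytes(range(140))))
def sample_cert(serial, not_after):
    validity = tlv(0x30, tlv(0x17, b"120101000000Z") + tlv(0x17, not_after))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + ALG + NAME + validity + NAME + SPKI)
    return tlv(0x30, tbs + ALG + tlv(0x03, b"\x00" + bytes([serial]) * 32))

OLD = sample_cert(1, b"130101000000Z")
RENEWED = sample_cert(2, b"140101000000Z")  # same key, new serial and validity
```

Here `pin(OLD)` and `pin(RENEWED)` differ, while `pin(spki_der(OLD))` and `pin(spki_der(RENEWED))` are identical.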