[cryptography] Key Archive Formats and Pinsets (Certificate Pinning)?

Tom Ritter tom at ritter.vg
Tue Jan 8 09:39:49 EST 2013


On 6 January 2013 17:55, Jeffrey Walton <noloader at gmail.com> wrote:
> H All,
>
> Does anyone know if there is a standard extension to store pin sets
> (re: certificate pinning) in, for example, PKCS #12?
>
> Perhaps in another format?
>
> OIDs?
>
> Placing a pinset in a PKCS #12 certificate  (or other format) kills
> two key distribution problems with one stone.


I believe at one point TACK (tack.io) had a configuration where the
pins could be specified in an X509 extension, but this seems to be
missing (probably removed from the draft for simplicity).

-tom



More information about the cryptography mailing list