[cryptography] Key Archive Formats and Pinsets (Certificate Pinning)?

Tom Ritter tom at ritter.vg
Tue Jan 8 09:39:49 EST 2013

On 6 January 2013 17:55, Jeffrey Walton <noloader at gmail.com> wrote:
> H All,
> Does anyone know if there is a standard extension to store pin sets
> (re: certificate pinning) in, for example, PKCS #12?
> Perhaps in another format?
> OIDs?
> Placing a pinset in a PKCS #12 certificate  (or other format) kills
> two key distribution problems with one stone.

I believe at one point TACK (tack.io) had a configuration where the
pins could be specified in an X509 extension, but this seems to be
missing (probably removed from the draft for simplicity).


More information about the cryptography mailing list