#51: Clarification of section 2.4
In 2.4, adding a phrase to the parenthetical comment in the big paragraph
:
If the connection has no errors, the UA will then apply a new
correctness check: Pin Validation. To perform Pin Validation, the UA
will compute the fingerprints of the SPKI structures in each
certificate in the host's validated certificate chain. (The UA
ignores certificates whose SPKI cannot be taken in isolation and
superfluous certificates in the chain that do not form part
of the validating chain.) The UA will then check that the set of
these fingerprints intersects the set of fingerprints in that host's
Pinning Metadata. If there is set intersection, the UA continues
with the connection as normal. Otherwise, the UA MUST treat this Pin
Failure as a non-recoverable error.
--
-------------------------+---------------------------------------------
Reporter: Tom Ritter | Owner: draft-ietf-websec-key-pinning@…
Type: defect | Status: new
Priority: major | Milestone:
Component: key-pinning | Version:
Severity: - | Keywords:
-------------------------+---------------------------------------------
Ticket URL: <http://trac.tools.ietf.org/wg/websec/trac/ticket/51>
websec <http://tools.ietf.org/websec/>
_______________________________________________
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec
