#51: Clarification of section 2.4 In 2.4, adding a phrase to the parenthetical comment in the big paragraph :
If the connection has no errors, the UA will then apply a new correctness check: Pin Validation. To perform Pin Validation, the UA will compute the fingerprints of the SPKI structures in each certificate in the host's validated certificate chain. (The UA ignores certificates whose SPKI cannot be taken in isolation and superfluous certificates in the chain that do not form part of the validating chain.) The UA will then check that the set of these fingerprints intersects the set of fingerprints in that host's Pinning Metadata. If there is set intersection, the UA continues with the connection as normal. Otherwise, the UA MUST treat this Pin Failure as a non-recoverable error. -- -------------------------+--------------------------------------------- Reporter: Tom Ritter | Owner: draft-ietf-websec-key-pinning@… Type: defect | Status: new Priority: major | Milestone: Component: key-pinning | Version: Severity: - | Keywords: -------------------------+--------------------------------------------- Ticket URL: <http://trac.tools.ietf.org/wg/websec/trac/ticket/51> websec <http://tools.ietf.org/websec/> _______________________________________________ websec mailing list websec@ietf.org https://www.ietf.org/mailman/listinfo/websec