On Wed, Jun 10, 2020 at 05:50:38PM -0400, Sean Conner wrote:

> What? That it's too late for him to change the format he's using for
> TLS_CLIENT_HASH? On thinking on it, why does it matter what the format is?
> It's a hash value---an ostensibly binary blob. It's a computable unique
> identifier for a resource, so does it really matter if you use the binary
> format, or some textual format? Sure, the binary format is a bit more
> compact, but that's it. A CGI (SCGI, other) can still use it as a key---it
> may just not be portable between servers, that's all.

Sure, but portability of a fingerprint between different servers and
between different CGI apps is extremely desirable. If I need to
calculate multiple different fingerprints of a given cert in order to
whitelist it in different applications, that's a big barrier to adoption.

Cheers,
Solderpunk