Re: Secdir Review of draft-ietf-netconf-rfc5539bis-09

2015-03-10 09:19:13
----- Original Message -----
From: "Sam Hartman" <hartmans-ietf(_at_)mit(_dot_)edu>
To: "t.p." <daedulus(_at_)btconnect(_dot_)com>
Cc: "Sam Hartman" <hartmans-ietf(_at_)mit(_dot_)edu>; 
<ietf(_at_)ietf(_dot_)org>;
<secdir(_at_)ietf(_dot_)org>; <iesg(_at_)ietf(_dot_)org>;
<draft-ietf-netconf-rfc5539bis(_dot_)all(_at_)tools(_dot_)ietf(_dot_)org>
Sent: Tuesday, March 10, 2015 12:48 PM
"t" == t p <daedulus(_at_)btconnect(_dot_)com> writes:

Well, I think you still need to answer questions like

* Is it a fingerprint of the cert or the key?

* Is the server expected to re-normalize the DER? Allowed to
  re-normalize the DER?

Sam

Thank you for your comments.

The I-D specifies fingerprint of the certificate so that is specified.

Normalisation is not specified and is an interesting point; as you say,
something to be considered.

Tom Petch

So that the input to the hash is well specified.
Several protocols within the IETF have taken on the challenge of
describing how to fingerprint certificates.  I think the document would
be improved by picking one of these strategies.
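
The re-normalization question raised in the thread decides whether two encodings of the same certificate content yield the same fingerprint. The following is an added example, not part of the thread or the I-D: it assumes SHA-256 as the hash, uses a constructed ASN.1 SEQUENCE as a stand-in for a certificate, and normalizes only length octets, which is one of several DER rules.

```python
import hashlib

# Constructed sample standing in for a certificate:
# SEQUENCE { INTEGER 5, OCTET STRING "key" } in DER.
DER_FORM = bytes.fromhex("3008020105" "04036b6579")
# Same content with long-form (non-minimal) lengths: valid BER, not valid DER.
BER_FORM = bytes.fromhex("308109020105" "0481036b6579")

def read_tlv(buf, pos):
    """Parse one TLV (single-byte tag, definite length); return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first                      # short form
    else:
        n = first & 0x7F                    # long form: n length octets follow
        if n == 0:
            raise ValueError("indefinite length not handled here")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def encode_length(n):
    """DER length: short form below 128, otherwise the fewest length octets."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def normalize_lengths(buf):
    """Re-encode every TLV with minimal lengths, recursing into constructed types."""
    out, pos = b"", 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        if tag & 0x20:  # constructed bit set: the value is itself a run of TLVs
            value = normalize_lengths(value)
        out += bytes([tag]) + encode_length(len(value)) + value
    return out

def fingerprint(data):
    """Hash the bytes exactly as given (SHA-256 is an assumption of this example)."""
    return hashlib.sha256(data).hexdigest()

if __name__ == "__main__":
    print("as received  :", fingerprint(BER_FORM) == fingerprint(DER_FORM))
    print("re-normalized:", fingerprint(normalize_lengths(BER_FORM)) == fingerprint(DER_FORM))
```

A client and server that disagree on whether to hash the bytes as received or the re-encoded form will compute different fingerprints for the second encoding.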