Standard fingerprint format for TLS certificates
Adnan Maolood
me at adnano.co
Sat Nov 28 21:57:43 GMT 2020
On Sat Nov 28, 2020 at 2:43 PM EST, Ben Bader wrote:
> What’s the use case for comparing fingerprints themselves? I may be
> missing something important.
Fingerprints are used to compare certificates. Instead of comparing the
certificates directly, you would essentially be comparing their hashes.
Fingerprints are also useful as a unique identifier for a certificate.
Let's say I use a tool to create a client certificate, and it tells me
the certificate fingerprint. I should then be able to configure my
server software to allow the certificate with this fingerprint. This
would only work if the fingerprint format is the same across software.
> In my opinion, certificates themselves are the lingua franca and
> fingerprints are merely a client implementation detail. Unless we are
> considering standardizing a known-hosts file format, I would prefer
> leaving fingerprint formats to the discretion of client implementations.
To clarify, I don't think this should be added to the Gemini
specification, but rather it should be an informal specification or best
practice that can be listed on the project website.
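
Added example, not part of the original message: the same SHA-256 digest of one certificate rendered three ways compares unequal as text, so a server allow-list only interoperates if every fingerprint is normalized to raw digest bytes before comparison. The sample bytes, the three renderings and all function names are assumptions made for illustration, not a format proposed in this thread.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed bytes standing in for a certificate's DER encoding (not a real cert).
SAMPLE_DER = b"constructed stand-in for a DER-encoded client certificate"

STYLES = ("hex-colon-upper", "hex-lower", "base64")  # illustrative renderings


def sha256_digest(der: bytes) -> bytes:
    return hashlib.sha256(der).digest()


def render(digest: bytes, style: str) -> str:
    """Render one digest the way different tools might print it."""
    if style == "hex-colon-upper":
        return ":".join(f"{b:02X}" for b in digest)
    if style == "hex-lower":
        return digest.hex()
    if style == "base64":
        return base64.b64encode(digest).decode("ascii")
    raise ValueError(f"unknown style: {style}")


def parse_fingerprint(text: str) -> bytes:
    """Normalize a hex (with or without colons) or base64 SHA-256 fingerprint."""
    s = text.strip()
    hex_candidate = s.replace(":", "").replace(" ", "")
    if len(hex_candidate) == 64:
        try:
            return bytes.fromhex(hex_candidate)
        except ValueError:
            pass  # not hex; fall through to base64
    try:
        raw = base64.b64decode(s + "=" * (-len(s) % 4), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("unrecognized fingerprint format") from exc
    if len(raw) != 32:
        raise ValueError("not a SHA-256 fingerprint")
    return raw


def is_allowed(cert_der: bytes, configured: str) -> bool:
    """Server-side check: compare digests, not the strings tools printed."""
    return hmac.compare_digest(sha256_digest(cert_der), parse_fingerprint(configured))
```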