Standard fingerprint format for TLS certificates

John Cowan cowan at ccil.org
Sat Nov 28 23:18:24 GMT 2020


On Sat, Nov 28, 2020 at 1:23 PM Adnan Maolood <me at adnano.co> wrote:


>   Cons: still somewhat long
> - Sha256 hash of the certificate, encoded in base64.
>   Pros: shorter than the Sha512 hash
>   Cons: less secure than Sha512?
>

IMO (and I am no expert, but I have taken expert advice), the *relative*
security weakness of SHA-256 over SHA-512 matters only if practical quantum
computing is developed during the life of the cert.  And all security is
relative: if you want to *secure* a computer, you should disconnect all
wires from it, drop it down a deep well, and fill the well with concrete.

The CLI program sha256sum produces a SHA-256 of an arbitrary file.

> I think we should choose a fingerprint method and stick with it for
> consistency.
>

100% agreement.



John Cowan          http://vrici.lojban.org/~cowan        cowan at ccil.org
        Is it not written, "That which is written, is written"?
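
Added example, not part of the original message: a Python sketch comparing the lengths of the SHA-256 and SHA-512 fingerprint encodings discussed above, and showing why running sha256sum on a PEM file does not give a stable fingerprint. It assumes the fingerprint is taken over the certificate's DER encoding; SAMPLE_DER is constructed stand-in data and the function names are hypothetical.

```python
import base64
import hashlib
import ssl

# Constructed stand-in for a certificate's DER bytes (not a real certificate).
SAMPLE_DER = bytes(range(256)) * 3


def fingerprints(der: bytes) -> dict:
    """Candidate fingerprint encodings, all computed over the DER bytes."""
    out = {}
    for algo in ("sha256", "sha512"):
        digest = hashlib.new(algo, der).digest()
        out[algo + "-hex"] = digest.hex()
        out[algo + "-base64"] = base64.b64encode(digest).decode("ascii")
    return out


def fingerprints_from_pem(pem: str) -> dict:
    """Strip the PEM armour first, so line endings cannot change the result."""
    return fingerprints(ssl.PEM_cert_to_DER_cert(pem))


def file_sha256(data: bytes) -> str:
    """The hex digest sha256sum would print for a file holding these bytes."""
    return hashlib.sha256(data).hexdigest()


def pem_variants(der: bytes) -> tuple:
    """The same certificate saved as PEM with LF and with CRLF line endings."""
    lf = ssl.DER_cert_to_PEM_cert(der)
    return lf, lf.replace("\n", "\r\n")


if __name__ == "__main__":
    for name, value in fingerprints(SAMPLE_DER).items():
        print(f"{name:14} {len(value):3} chars  {value}")
    lf, crlf = pem_variants(SAMPLE_DER)
    # Hashing the PEM files directly gives two different, non-portable values.
    print("sha256sum of LF PEM  :", file_sha256(lf.encode("ascii")))
    print("sha256sum of CRLF PEM:", file_sha256(crlf.encode("ascii")))
    # Hashing the decoded DER gives one value for both files.
    print("same DER fingerprint :", fingerprints_from_pem(lf) == fingerprints_from_pem(crlf))
```

With sha256sum, the equivalent is to hash the DER form of the certificate rather than the PEM text file.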