Hal Murray via devel writes:
>> Not complete security, but at least encryption. And there are levels of
>> validation. If you are off net, you can't completely validate the cert, but
>> you can partially validate it. Maybe you would want to pin it.
>
> What does partial validation mean? What does "pin it" mean?

Partial validation means you don't follow the cert chain to the root. In the off-net scenario, it means you stop following the chain when you'd have to go outside the network perimeter you're in. Pinning prescribes that certain parts of the chain must match a certain value (it's usually done via hashes). Both partial validation and pinning assume the chain up from the last certificate that got validated has been pre-verified, and with pinning you're actually asserting its exclusive validity, so you stop further checks there.

https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning

Regards,
Achim.
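
The two checks described in the message above, as an added Go example that is not part of the original post or of NTPsec: the chain is built only as far as a CA held inside the perimeter, and a pin is then enforced on the result. The helper names (`issue`, `verifyPinned`), the certificate names and the host name are constructed for illustration, and taking the pin as the SHA-256 of a certificate's SubjectPublicKeyInfo is an assumption (one common choice).

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed demo certificate for cn, signed by parent (self-signed when parent is nil).
func issue(cn string, serial int64, isCA bool, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: isCA, BasicConstraintsValid: true}
	if parent == nil {
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	if err != nil {
		panic(err) // fixture generation only
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verifyPinned stops chain building at anchor (partial validation), then requires a chain key whose SHA-256 equals pin.
func verifyPinned(leaf, anchor *x509.Certificate, host string, pin [32]byte) error {
	pool := x509.NewCertPool()
	pool.AddCert(anchor) // trusted as pre-verified; the chain above it is never fetched
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	if err != nil {
		return err
	}
	for _, c := range chains[0] {
		if sha256.Sum256(c.RawSubjectPublicKeyInfo) == pin {
			return nil
		}
	}
	return fmt.Errorf("chain to %q verified, but no public key in it matches the pin", anchor.Subject.CommonName)
}

func main() {
	root, rk := issue("Constructed Off-Net Root", 1, true, nil, nil)
	ca, ck := issue("Constructed Perimeter CA", 2, true, root, rk)
	leaf, _ := issue("ntp.internal.example", 3, false, ca, ck)
	fmt.Println(verifyPinned(leaf, ca, "ntp.internal.example", sha256.Sum256(ca.RawSubjectPublicKeyInfo)))
}
```

Pinning the perimeter CA's key rather than the leaf's lets the leaf certificate be reissued without changing the pin.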