Right, that’s the main point. SKI is just an opaque identifier. It “used to” “mostly” be SHA1 of the key, but there was never any requirement that it MUST be so.
-- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me<mailto:rs...@jabber.me> Twitter: RichSalz
