On Tue, Oct 22, 2013 at 11:07:07AM +0200, Tobias Reckhard wrote:

> Maybe fingerprinting would work, though. I'll give it a shot on a test
> system. Thanks for the suggestion.

Fingerprinting the leaf certificate will work until the next time they deploy a new leaf certificate without notifying you in advance. This is because fingerprint security does not rely on a valid chain of signatures from a trusted root, but does depend on matching the exact certificate or public key.

--
Viktor.
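
The difference between the two pin types, as an added example that is not part of the original message: a certificate fingerprint is a digest of the whole DER certificate, a public-key fingerprint is a digest of its SubjectPublicKeyInfo, and neither check ever looks at the signature. It goes slightly beyond the message by showing that a public-key pin survives a re-issued leaf that keeps its key. The certificates are constructed test structures with placeholder OID, key and signature bytes, and all function names are illustrative.

```python
import hashlib

def tlv(tag, body):
    """DER-encode one element (short or long definite length)."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    length = raw if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def read(buf, off):
    """Return (tag, body_start, end) for the DER element at offset off."""
    tag, n, off = buf[off], buf[off + 1], off + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, off = int.from_bytes(buf[off:off + k], "big"), off + k
    return tag, off, off + n

def spki_der(cert):
    """Slice the SubjectPublicKeyInfo element out of a DER X.509 certificate."""
    _, off, _ = read(cert, 0)      # Certificate SEQUENCE
    _, off, _ = read(cert, off)    # tbsCertificate SEQUENCE
    tag, _, end = read(cert, off)
    if tag == 0xA0:                # optional [0] version
        off = end
    for _ in range(5):             # serial, sig alg, issuer, validity, subject
        _, _, off = read(cert, off)
    return cert[off:read(cert, off)[2]]

def cert_fingerprint(cert):        # digest of the exact certificate bytes
    return hashlib.sha256(cert).hexdigest()
def pubkey_fingerprint(cert):      # digest of the public key element only
    return hashlib.sha256(spki_der(cert)).hexdigest()

# Constructed test data: X.509 layout, placeholder OID, key and signature bytes.
def make_spki(fill):
    return tlv(0x30, tlv(0x30, tlv(0x06, b"\x2a\x03")) + tlv(0x03, b"\x00" + fill * 65))
def make_cert(serial, spki):
    alg, name = tlv(0x30, tlv(0x06, b"\x2a\x03")), tlv(0x30, b"")
    validity = tlv(0x30, tlv(0x17, b"130101000000Z") * 2)
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + alg + name + validity + name + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + b"\x5a" * 64))

def check(pinned, presented):  # -> (certificate pin matches, key pin matches)
    return (cert_fingerprint(pinned) == cert_fingerprint(presented),
            pubkey_fingerprint(pinned) == pubkey_fingerprint(presented))

KEY_A, KEY_B = make_spki(b"\x11"), make_spki(b"\x22")
PINNED = make_cert(1, KEY_A)   # the leaf whose fingerprints were recorded
print([check(PINNED, c) for c in (PINNED, make_cert(2, KEY_A), make_cert(3, KEY_B))])
```

The three results are for the pinned leaf itself, a re-issued leaf with the same key, and a re-issued leaf with a new key.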