What's left to do on NTS
Achim Gratz
Stromeko at nexgo.de
Sat Mar 2 15:07:35 UTC 2019
Hal Murray via devel writes:
>> Not complete security, but at least encryption. And there are levels of
>> validation. If you are off net, you can't completely validate the cert, but
>> you can partially validate it. Maybe you would want to pin it.
>
> What does partial validation mean? What does "pin it" mean?
Partial validation means you don't follow the cert chain to the root.
In the off-net scenario, it means you stop following the chain when you'd
have to go outside the network perimeter you're in. Pinning prescribes
that certain parts of the chain must match a certain value (it's usually
done via hashes). Both partial validation and pinning assume the chain
up from the last certificate that got validated has been pre-verified
and with pinning you're actually asserting its exclusive validity, so
you stop further checks there.
https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Factory and User Sound Singles for Waldorf rackAttack:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds
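
The two checks described in the message above, as an added example that is not part of the original post or of any project's code: it builds a throwaway root, intermediate and leaf with the openssl command line, then validates the leaf only up to the intermediate and checks the intermediate's public-key hash against a pin. The certificate names, file names and helper function names are assumptions made for illustration, and an openssl build that supports `-partial_chain` is assumed.

```shell
#!/bin/sh
# Added example: constructed names, throwaway keys. Needs the openssl CLI.

# Build root -> intermediate -> leaf in directory $1.
make_chain() {
  d=$1
  echo 'basicConstraints=critical,CA:TRUE' > "$d/ca.ext"
  {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj '/CN=Example Root' \
      -keyout "$d/root.key" -out "$d/root.pem" &&
    openssl req -newkey rsa:2048 -nodes -subj '/CN=Example Intermediate' \
      -keyout "$d/int.key" -out "$d/int.csr" &&
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
      -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.pem" &&
    openssl req -newkey rsa:2048 -nodes -subj '/CN=ntp.example.test' \
      -keyout "$d/leaf.key" -out "$d/leaf.csr" &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
      -CAcreateserial -days 2 -out "$d/leaf.pem"
  } >/dev/null 2>&1
}

# Full validation: the chain must end in a self-signed root. $1=trusted cert, $2=leaf
verify_full() { openssl verify -trusted "$1" "$2" >/dev/null 2>&1; }

# Partial validation: stop at the trusted cert even though it is not a root.
verify_partial() { openssl verify -partial_chain -trusted "$1" "$2" >/dev/null 2>&1; }

# Pin value: base64(SHA-256(SubjectPublicKeyInfo)) of the certificate in $1.
spki_pin() {
  openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -binary | openssl base64
}

# Pinning: $1=expected pin, $2=cert presented as the chain anchor, $3=leaf.
# The anchor must match the pin exactly; nothing above it is checked.
verify_pinned() {
  [ "$(spki_pin "$2")" = "$1" ] && verify_partial "$2" "$3"
}

# Demo: only the intermediate is available locally, the root is "off net".
tmp=$(mktemp -d) && make_chain "$tmp" || exit 1
pin=$(spki_pin "$tmp/int.pem")
verify_full "$tmp/int.pem" "$tmp/leaf.pem" || echo "full validation: fails, root not reachable"
verify_partial "$tmp/int.pem" "$tmp/leaf.pem" && echo "partial validation: ok"
verify_pinned "$pin" "$tmp/int.pem" "$tmp/leaf.pem" && echo "pinned ($pin): ok"
rm -rf "$tmp"
```

In a deployment the pin is recorded out of band ahead of time; computing it from the same file that is then checked, as the demo does, only shows the mechanics.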