[1] RFC 6125 - Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS) <https://tools.ietf.org/html/rfc6125#section-1.8>
pinning: The act of establishing a cached name association between
the application service's certificate and one of the client's
reference identifiers, despite the fact that none of the presented
identifiers matches the given reference identifier. Pinning is
accomplished by allowing a human user to positively accept the
mismatch during an attempt to communicate with the application
service. Once a cached name association is established, the
certificate is said to be pinned to the reference identifier and
in future communication attempts the client simply verifies that
the service's presented certificate matches the pinned
certificate, as described under Section 6.6.2. (A similar
definition of "pinning" is provided in [WSC-UI].)
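
The client-side logic this definition describes, as an added example (not text or code from RFC 6125): a pin is created only by the user's positive acceptance of a mismatch, is keyed by the reference identifier, and afterwards is satisfied only by the same certificate. `PinStore`, `check`, the result strings and the SHA-256 whole-certificate comparison are assumptions of this example, and the certificates are constructed byte strings standing in for DER.

```python
import hashlib
import hmac


def fingerprint(cert_der: bytes) -> bytes:
    """SHA-256 over the whole certificate (assumed way to compare certificates)."""
    return hashlib.sha256(cert_der).digest()


class PinStore:
    """Cached name associations: reference identifier -> certificate fingerprint."""

    def __init__(self):
        self._pins = {}

    def check(self, reference_id, presented_ids, cert_der, user_accepts=lambda: False):
        ref = reference_id.lower()
        # Normal case: a presented identifier matches the reference identifier.
        # Simplification: exact, case-insensitive DNS names, no wildcard handling.
        if ref in {p.lower() for p in presented_ids}:
            return "name-match"
        pinned = self._pins.get(ref)
        if pinned is not None:
            # Pinned: the only question is whether this is the same certificate.
            if hmac.compare_digest(pinned, fingerprint(cert_der)):
                return "pin-match"
            return "pin-mismatch"  # this example fails closed instead of re-prompting
        # No match and no pin: only a positive user decision creates the association.
        if user_accepts():
            self._pins[ref] = fingerprint(cert_der)
            return "pinned-now"
        return "rejected"


def demo():
    store = PinStore()
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"  # constructed samples
    presented = ["internal.example.net"]  # names carried in the certificate
    return [
        store.check("mail.example.com", presented, cert_a),   # mismatch, user declines
        store.check("mail.example.com", presented, cert_a, user_accepts=lambda: True),
        store.check("mail.example.com", presented, cert_a),   # same cert, pinned name
        store.check("mail.example.com", presented, cert_b),   # different cert, pinned name
        store.check("other.example.com", presented, cert_a),  # pin is per reference id
        store.check("internal.example.net", presented, cert_b),
    ]


if __name__ == "__main__":
    print(demo())
```

The `pin-mismatch` result is the one worth logging and alerting on: the certificate presented for a pinned reference identifier has changed since the user accepted it.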