[FIG(quote)[
[FIGCAPTION[
[1] [CITE@en[RFC 6125 - Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)]]
([TIME[2015-03-13 22:27:53 +09:00]] 版)
<https://tools.ietf.org/html/rfc6125#section-1.8>
]FIGCAPTION]

> pinning:  The act of establishing a cached name association between
>       the application service's certificate and one of the client's
>       reference identifiers, despite the fact that none of the presented
>       identifiers matches the given reference identifier.  Pinning is
>       accomplished by allowing a human user to positively accept the
>       mismatch during an attempt to communicate with the application
>       service.  Once a cached name association is established, the
>       certificate is said to be pinned to the reference identifier and
>       in future communication attempts the client simply verifies that
>       the service's presented certificate matches the pinned
>       certificate, as described under Section 6.6.2.  (A similar
>       definition of "pinning" is provided in '''['''WSC-UI''']'''.)

]FIG]