pinning

[1] RFC 6125 - Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS) <https://tools.ietf.org/html/rfc6125#section-1.8>

pinning: The act of establishing a cached name association between
the application service's certificate and one of the client's
reference identifiers, despite the fact that none of the presented
identifiers matches the given reference identifier. Pinning is
accomplished by allowing a human user to positively accept the
mismatch during an attempt to communicate with the application
service. Once a cached name association is established, the
certificate is said to be pinned to the reference identifier and
in future communication attempts the client simply verifies that
the service's presented certificate matches the pinned
certificate, as described under Section 6.6.2. (A similar
definition of "pinning" is provided in [WSC-UI].)
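
The pinning flow defined above, sketched as an added example (not code from RFC 6125 or any particular client). The `PinStore` class, its return labels, and the use of a SHA-256 fingerprint of the certificate as the cached value are assumptions of this sketch; the certificate bytes are constructed stand-ins.

```python
import hashlib
import hmac

# Constructed byte strings standing in for DER-encoded certificates (not real certificates).
CERT_A = b"constructed-certificate-A"
CERT_B = b"constructed-certificate-B"


class PinStore:
    """Cached name associations: reference identifier -> SHA-256 of the pinned certificate."""

    def __init__(self):
        self._pins = {}

    @staticmethod
    def _norm(name):
        # DNS names compare case-insensitively; ignore a trailing root dot.
        return name.rstrip(".").lower()

    def check(self, reference_id, presented_ids, cert_der, user_accepts=None):
        """Return 'name-match', 'pin-match', 'pinned-now' or 'reject'."""
        ref = self._norm(reference_id)
        fingerprint = hashlib.sha256(cert_der).digest()
        # Simplification: exact comparison only, no wildcard handling.
        if ref in {self._norm(p) for p in presented_ids}:
            return "name-match"
        pinned = self._pins.get(ref)
        if pinned is not None:
            # A pin exists: accept only the identical certificate. This example
            # rejects a changed certificate outright instead of prompting again.
            return "pin-match" if hmac.compare_digest(pinned, fingerprint) else "reject"
        # No name match and no pin: only a positive human decision creates one.
        if user_accepts and user_accepts(reference_id, presented_ids, fingerprint.hex()):
            self._pins[ref] = fingerprint
            return "pinned-now"
        return "reject"


def demo():
    store = PinStore()
    accept = lambda ref, presented, fp_hex: True  # stands in for the user's confirmation
    return [
        store.check("mail.example.com", ["example.net"], CERT_A),          # nobody accepted
        store.check("mail.example.com", ["example.net"], CERT_A, accept),  # user accepts mismatch
        store.check("MAIL.example.com.", ["example.net"], CERT_A),         # later attempt, same cert
        store.check("mail.example.com", ["example.net"], CERT_B, accept),  # certificate changed
        store.check("mail.example.com", ["mail.example.com"], CERT_B),     # names match normally
    ]


if __name__ == "__main__":
    print(demo())
```

The pin is scoped to the one reference identifier the user accepted it for, so the same certificate presented for a different name is not covered by it.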