>>>>> "t" == t p <daedulus@xxxxxxxxxxxxx> writes: Well, I think you still need to answer questions like * Is it a fingerprint of the cert or the key? * Is the server expected to re-normalize the DER? Allowed to re-normalize the DER? So that the input to the hash is well specified. Several protocols within the IETF have taken on the challenge of describing how to fingerprint certificates. I think the document would be improved by picking one of these strategies.