On Fri, 2019-11-22 at 09:39 -0800, Lakshmi Ramasubramanian wrote:
> On 11/22/19 8:17 AM, James Bottomley wrote:
>
> Thanks for the info James. I'll investigate further.

It strikes me that for attestation purposes, the hash of the TBSCertificate, which is the thing that the issuer signs so we have it anyway (well modulo us wanting a different hash algorithm), is a complete and unique identifier for the certificate; can't we just use that ... and perhaps we should add it to the ids stored in the key payload[2]?

James
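The identifier proposed in the message above, as an added example that is not part of the original e-mail or of the kernel's code: it takes the digest of the complete TBSCertificate TLV out of a DER certificate, with the hash algorithm left selectable. The names `read_tlv`, `tbs_digest`, `der` and `sample_cert` are hypothetical, and the sample inputs are constructed, certificate-shaped DER rather than valid X.509 certificates.

```python
import hashlib

def read_tlv(buf, off=0):
    """Parse one DER TLV header at off; return (tag, value_start, value_end)."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                        # short-form length
        length = first
    else:                                   # long-form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("DER value overruns buffer")
    return tag, off, off + length

def tbs_digest(cert_der, algo="sha256"):
    """Hash the whole TBSCertificate TLV, the exact bytes the issuer signs."""
    tag, start, end = read_tlv(cert_der)
    if tag != 0x30 or end != len(cert_der):
        raise ValueError("expected exactly one outer SEQUENCE")
    tbs_tag, _, tbs_end = read_tlv(cert_der, start)
    if tbs_tag != 0x30:
        raise ValueError("TBSCertificate is not a SEQUENCE")
    return hashlib.new(algo, cert_der[start:tbs_end]).hexdigest()

def der(tag, body):  # encode one TLV; only used to build the constructed samples
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def sample_cert(serial, sig):
    """Constructed, certificate-shaped DER (not a valid X.509 certificate)."""
    tbs = der(0x30, der(0x02, serial) + der(0x0C, b"constructed subject " * 10))
    alg = der(0x30, der(0x06, bytes.fromhex("2a8648ce3d040302")))
    return tbs, der(0x30, tbs + alg + der(0x03, b"\x00" + sig))

TBS_A, CERT_A = sample_cert(b"\x01", b"\xaa" * 64)
_, CERT_A_RESIGNED = sample_cert(b"\x01", b"\xbb" * 64)   # same TBS, other signature bytes
_, CERT_B = sample_cert(b"\x02", b"\xaa" * 64)            # different serial

if __name__ == "__main__":
    print(tbs_digest(CERT_A))
```

Because the digest covers only the TBSCertificate, the two samples that differ only in their signature bytes map to the same identifier, while changing any signed field (here the serial) changes it.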