3 thumbprint \- public key thumbprints
6 Applications in Plan 9 that use public keys for authentication,
15 check the remote side's public key by comparing against
16 thumbprints from a trusted list.
17 The list is maintained by people who set local policies
18 about which servers can be trusted for which applications,
19 thereby playing the role taken by certificate authorities
21 By convention, these lists are stored as files in
23 and protected by normal file system permissions.
25 Such a thumbprint file comprises lines made up of
26 attribute/value pairs of the form
30 The first attribute must be the application tag:
32 for tls applications or
34 for ssh server fingerprints.
35 The second attribute must be a hash type of
39 followed by the hex or base64 encoded hash of binary certificate
41 All other attributes are treated as comments.
42 The file may also contain lines of the form
46 For example, a web server might have thumbprint
48 x509 sha1=8fe472d31b360a8303cd29f92bd734813cbd923c cn=*.cs.bell-labs.com