Certificate Hash Certificate hash needs to be mandatory If the hash is not included with the client certificate URL, the finished message will not factor in the name associated with the key. Hash needs agility The protocol mandates SHA-1, which is fine as a default, but there is no mechanism to specify a stronger algorithm. |