openscreenprotocol
Define the agent fingerprint as the SPKI.
Addresses Issue #282: Certificates should have a maximum lifetime, and SPAKE2 identities should be SPKI not cert fingerprint
This defines the agent fingerprint in terms of the SPKI (e.g., the public key) of the agent certificate. The agent fingerprint is used to identify agents and is input to SPAKE2.
This allows agents to use shorter-lived certificates and renew their certificates without having to re-authenticate to other agents.
This PR does not specify certificate lifetimes or renewal policies. It also does not handle the issuing of completely new certificates while maintaining previous trust relationships.
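The effect described above, as an added example that is not part of this PR or of the Open Screen Protocol code: a certificate renewed under the same key keeps its SPKI-based fingerprint, while a whole-certificate fingerprint changes. The hex SHA-256 encoding, the P-256 key type, and all function and subject names here are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewAgentKey generates an agent key pair (P-256 is an assumption of this example).
func NewAgentKey() *ecdsa.PrivateKey {
	return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
}

// Issue self-signs a certificate for key; each renewal gets a new serial and validity.
func Issue(key *ecdsa.PrivateKey, serial int64, days int) *x509.Certificate {
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: "example-agent"}, // constructed name
		NotBefore:    now, NotAfter: now.AddDate(0, 0, days),
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

// CertFingerprint covers the whole DER certificate, so it changes on every renewal.
func CertFingerprint(c *x509.Certificate) string { return fmt.Sprintf("%x", sha256.Sum256(c.Raw)) }

// SPKIFingerprint covers only the DER SubjectPublicKeyInfo, stable while the key is kept.
func SPKIFingerprint(c *x509.Certificate) string { return fmt.Sprintf("%x", sha256.Sum256(c.RawSubjectPublicKeyInfo)) }

func main() {
	key := NewAgentKey()
	old, renewed := Issue(key, 1, 30), Issue(key, 2, 30)
	fmt.Println("SPKI stable:", SPKIFingerprint(old) == SPKIFingerprint(renewed),
		"cert stable:", CertFingerprint(old) == CertFingerprint(renewed))
}
```

A certificate issued under a different key yields a different SPKI fingerprint, which is the re-keying case the PR leaves out of scope.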