On Sun, Sep 15, 2019 at 04:31:44PM -0400, Sean Conner wrote:

> Probably. I haven't looked too much into it yet.

Nor I, but I think that's an optional extension on TLS which we can't rely on.

Dangerously close to veering off topic here, so expect a new thread soon, but I've started trying to do a proper TOFU-style certificate handling scheme in AV-98. An immediate question is whether to remember previously seen certificates against hostnames or IP addresses. The most obvious place where this could really matter is for servers (with a single IP) serving up multiple Gemini sites under different hostnames. If the client *doesn't* send a hostname very early on in the handshake then it seems to me there is no way for the server to use distinct certs per hostname. I need to do some reading, no doubt this is entirely well-trod ground in HTTPS-land.

-Solderpunk
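The hostname-versus-IP question in the message above, worked through as an added example (this is not AV-98's code and not part of the original post). The store keys pins on `(hostname, port)` and fingerprints the DER certificate with SHA-256; `gemini_connect` passes `server_hostname` to the TLS layer, which is what puts the hostname into the ClientHello (SNI) and lets a single-IP server pick a per-hostname certificate. CA validation is switched off because TOFU replaces it. The hostnames and the byte strings standing in for certificates in the self-test are constructed placeholders, and the port 1965 is Gemini's default.

```python
"""TOFU certificate store keyed by hostname (added example, not AV-98's code)."""
import hashlib
import json
import os
import socket
import ssl
from typing import Dict, Optional, Tuple


class TofuStore:
    """Remember the first certificate seen for each (hostname, port).

    Keying by hostname rather than IP address matters when one IP serves several
    Gemini sites: each hostname may legitimately present a different certificate,
    and the server can only choose it if the client sends the hostname (SNI).
    """

    def __init__(self, path: Optional[str] = None):
        self.path = path
        self.pins: Dict[str, str] = {}
        if path and os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    @staticmethod
    def fingerprint(der_cert: bytes) -> str:
        # Pin the whole DER certificate, not just the public key, so any re-issue
        # (even with the same key) is surfaced to the user.
        return hashlib.sha256(der_cert).hexdigest()

    @staticmethod
    def key(hostname: str, port: int) -> str:
        return f"{hostname.lower().rstrip('.')}:{port}"

    def check(self, hostname: str, port: int, der_cert: bytes) -> str:
        """Return 'new' (pinned on first use), 'match' or 'mismatch'."""
        k = self.key(hostname, port)
        fp = self.fingerprint(der_cert)
        known = self.pins.get(k)
        if known is None:
            self.pins[k] = fp
            self._save()
            return "new"
        return "match" if known == fp else "mismatch"

    def _save(self) -> None:
        if self.path:
            with open(self.path, "w") as f:
                json.dump(self.pins, f, indent=2)


def gemini_connect(store: TofuStore, hostname: str, port: int = 1965,
                   timeout: float = 10.0) -> Tuple[ssl.SSLSocket, str]:
    """Open a TLS connection, sending SNI, and check the peer cert against the store."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # TOFU replaces CA validation
    raw = socket.create_connection((hostname, port), timeout=timeout)
    # server_hostname is what sets the SNI extension in the ClientHello.
    tls = ctx.wrap_socket(raw, server_hostname=hostname)
    der = tls.getpeercert(binary_form=True)
    if der is None:
        tls.close()
        raise ssl.SSLError(f"{hostname}:{port} presented no certificate")
    verdict = store.check(hostname, port, der)
    if verdict == "mismatch":
        tls.close()
        raise ssl.SSLError(f"certificate for {hostname}:{port} changed since first use")
    return tls, verdict


def self_test() -> Dict[str, str]:
    """Offline demonstration with constructed stand-ins for DER certificates."""
    store = TofuStore()  # in-memory only
    cert_a = b"constructed-cert-A"
    cert_b = b"constructed-cert-B"
    return {
        "first_visit": store.check("one.example", 1965, cert_a),
        "revisit": store.check("one.example", 1965, cert_a),
        "changed": store.check("one.example", 1965, cert_b),
        # Second site on the same server gets its own pin under its own hostname.
        "other_host": store.check("two.example", 1965, cert_b),
    }


if __name__ == "__main__":
    print(self_test())
```

Because the pin is keyed by hostname, two sites behind one IP never collide in the store; had the key been the IP address, the second site's certificate would have shown up as a spurious "mismatch".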