On Tue, Sep 24, 2019 at 10:19:45AM -0400, Michael Lazar wrote:

> I want to push back on the idea of TOFU certificates a little bit. Mainly, I
> feel like I'm missing some important context that led to this decision of
> rolling your own security model.

Actually, I'm feeling fairly susceptible to this push back.

Back in the veeeery early days of Gemini, probably before I'd even
resolved to actually take it on as a real project, somebody asked if
using TLS meant we were going to adopt the CA system, with all of its
problems. I said I'd be quite open to exploring some less centralised
alternatives like TOFU and they were very enthusiastic about that idea.
I think TOFU has just kind of come along for the ride since then without
being critically assessed. To some extent, unconventional and creative
use of TLS has become a bit of a signature move for Gemini, with the
client certificate ideas.

You are right that, because the CA approach to certificate validation is
so ingrained in the web world, it's actually likely to be much, much
easier to correctly implement than TOFU. And while there are valid
criticisms of the CA system, at the very least Gemini could claim to be
no worse than the web.

How do other people feel about this? What proportion of extant Gemini
servers are already using Let's Encrypt certs?

Cheers,
Solderpunk