On 21 december, gemini://thurk.org/ had the public key 5dDrQtsEsCyzK7/ZrSFr8unk8OXfgVBhzW0kup9fTaI=. Today, it is OqGA8UkjoW+oDCX5e3NdfH8q7wBCAlkoyBv/02BcG24=. The Lupa crawler protested. (Same thing for gemini://mozz.us.) What should we do when a public key changes? Reject it? Accept it if the certificate is signed by a known CA? Ask this mailing list? The security part of the current specification is quite vague. It says "If the certificate is not the one previously received, but the previous certificate's expiry date has not passed, the user is shown a warning, analogous to the one web browser users are shown when receiving a certificate without a signature chain leading to a trusted CA." So, always accept, just logs a warning, thus defeating all security? (Note that it requires to store the entire certificate, not just the public key, which means renewals by Let's Encrypt would break TOFU.)
---
Next in thread (2 of 4): 🗣️ colecmac (a) protonmail.com (colecmac (a) protonmail.com)