> * 66 certs are signed by Let's Encrypt
> * 35 pass OpenSSL validation
> * 359 fail OpenSSL validation (not signed by a trusted CA, expired, etc)

66 is more Let's Encrypt certs than I would have guessed. For better or worse, they seem a bit out of place in gemini.

When I was setting up my server, I was almost going to use my Let's Encrypt cert, but I'm glad I didn't. The Let's Encrypt method is antithetical to the TOFU model of certs. Using a trusted CA is irrelevant and regularly updating your certs (often a month in advance of expiry) is not good with TOFU.

> * 3 : Not After 9999

I wish I had gone this way. I think with TOFU this is the only sane way (essentially same as ssh host keys).

~Stephen
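The client-side effect described in the message above, as an added example that is not part of the original post. `TofuStore`, `simulate` and the host name are hypothetical, the policy (pin the SHA-256 certificate fingerprint until the pinned cert's Not After) is an assumption, and the certificates and timeline are constructed.

```python
import hashlib
from datetime import datetime, timedelta

class TofuStore:
    """Pins one certificate fingerprint per host, like an ssh known_hosts file."""

    def __init__(self):
        self.pins = {}  # host -> (sha256 fingerprint, pinned cert's Not After)

    def pin(self, host, cert_der, not_after):
        self.pins[host] = (hashlib.sha256(cert_der).hexdigest(), not_after)

    def check(self, host, cert_der, not_after, now):
        """Return 'first-use', 'match', 'replaced-after-expiry' or 'changed-before-expiry'."""
        if host not in self.pins:
            self.pin(host, cert_der, not_after)
            return "first-use"
        pinned_fp, pinned_not_after = self.pins[host]
        if hashlib.sha256(cert_der).hexdigest() == pinned_fp:
            return "match"
        if now > pinned_not_after:
            # Assumed policy: an expired pin may be replaced without a warning.
            self.pin(host, cert_der, not_after)
            return "replaced-after-expiry"
        # Same signal a man-in-the-middle would produce; nothing is re-pinned here.
        return "changed-before-expiry"

def simulate(lifetime_days, renew_before_days, visit_every_days=10, total_days=365):
    """Visit one host on a constructed timeline; the server rotates its
    certificate renew_before_days before each expiry."""
    start = datetime(2021, 1, 1)
    rotate = timedelta(days=lifetime_days - renew_before_days)
    store, issued, serial, verdicts = TofuStore(), start, 0, []
    for day in range(0, total_days, visit_every_days):
        now = start + timedelta(days=day)
        while now >= issued + rotate:
            issued, serial = issued + rotate, serial + 1
        cert_der = f"constructed-cert-{serial}".encode()  # stand-in for DER bytes
        not_after = issued + timedelta(days=lifetime_days)
        verdict = store.check("host.example", cert_der, not_after, now)
        if verdict == "changed-before-expiry":
            store.pin("host.example", cert_der, not_after)  # user accepts manually
        verdicts.append(verdict)
    return verdicts

if __name__ == "__main__":
    print("90-day cert renewed 30 days early:", simulate(90, 30).count("changed-before-expiry"), "warnings")
    print("long-lived cert:", simulate(36500, 0).count("changed-before-expiry"), "warnings")
```

Each early renewal is indistinguishable from a swapped certificate at the client, so the user is trained to click through the one warning TOFU can give.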