On Fri, Mar 05, 2021 at 01:33:49PM +0100, nothien at uber.space <nothien at uber.space> wrote a message of 44 lines which said:

> I propose an extension to this, which allows servers to announce
> their intention (in a verifiable way) to change certificates in the
> near future. Essentially, servers now provide (over Gemini) a
> '/.pubkey' URL where they serve the hash of the public key they will
> use in the near future (which may be the same as the public key they
> use right now).

And Drew DeVault who said that using Let's Encrypt was too complicated :-)

Anything that requires such operations does not seem to fit with the principles of Gemini. (And I speak from experience managing DNSSEC key rollovers.)

Also, this proposal does not address unplanned emergency changes (such as one triggered by a compromise of the private key). They are one of the biggest problems with TOFU.
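The following is an added example, not code from this thread or from any Gemini client. It models the quoted '/.pubkey' proposal as a small client-side TOFU policy: pin a host's key fingerprint on first use, record an announced next-key hash only while it was served under the currently trusted key, and accept a later key change only if it matches that announcement. The names (`TofuStore`, `PinEntry`, `evaluate`, `record_announcement`), the host `example.org` and all key bytes are constructed for the example. The last branch shows the gap the reply raises: an unannounced change, whether an emergency rotation after a compromise or an impostor, looks the same to the client.

```python
"""TOFU pin store with support for a pre-announced key rollover (added example).

Assumptions: fingerprints are SHA-256 over the key bytes (a real client would
hash the DER-encoded SubjectPublicKeyInfo); the '/.pubkey' value is fetched
during a session that was itself verified against the current pin.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional


def fingerprint(public_key: bytes) -> str:
    """Hex SHA-256 fingerprint of a public key (constructed bytes in this demo)."""
    return hashlib.sha256(public_key).hexdigest()


@dataclass
class PinEntry:
    current: str                         # pinned fingerprint of the key in use
    announced_next: Optional[str] = None  # hash fetched from /.pubkey under `current`


@dataclass
class TofuStore:
    pins: Dict[str, PinEntry] = field(default_factory=dict)

    def record_announcement(self, host: str, presented_fp: str, announced: str) -> bool:
        """Store a /.pubkey hash only if it was served under the pinned key.

        An announcement seen alongside an unknown or changed key proves
        nothing: an impostor could announce its own next key just as easily.
        """
        entry = self.pins.get(host)
        if entry is None or entry.current != presented_fp:
            return False
        entry.announced_next = announced
        return True

    def evaluate(self, host: str, public_key: bytes) -> str:
        """Classify the key a host presented on this connection."""
        fp = fingerprint(public_key)
        entry = self.pins.get(host)
        if entry is None:
            # First contact: trust on first use.
            self.pins[host] = PinEntry(current=fp)
            return "pinned-on-first-use"
        if fp == entry.current:
            return "match"
        if entry.announced_next is not None and fp == entry.announced_next:
            # Planned rollover: this key was announced while the old one was trusted.
            self.pins[host] = PinEntry(current=fp)
            return "rollover-accepted"
        # Unannounced change. The client cannot distinguish a legitimate
        # emergency rotation (e.g. after a private-key compromise) from an
        # impostor, so the pin is left untouched and the user must verify.
        return "mismatch-unverified"


def demo() -> List[str]:
    """Walk a host through first use, a planned rollover and an unplanned change."""
    store = TofuStore()
    host = "example.org"                       # constructed host name
    k1, k2, k3 = b"key-one", b"key-two", b"key-three"  # constructed key bytes
    decisions = [store.evaluate(host, k1), store.evaluate(host, k1)]
    # Announcement served under the trusted key is recorded; one under a
    # foreign key is ignored.
    store.record_announcement(host, fingerprint(k1), fingerprint(k2))
    decisions.append(store.evaluate(host, k3))   # never announced
    decisions.append(store.evaluate(host, k2))   # announced earlier
    decisions.append(store.evaluate(host, k1))   # old key after rollover
    return decisions


if __name__ == "__main__":
    print(demo())
```

The decisive detail is that the announced hash is bound to the session in which it was fetched: `record_announcement` refuses a value that arrives alongside a key the client does not already trust. Even with that, the policy only covers rotations the operator planned in advance; the "mismatch-unverified" outcome is exactly the case the reply says TOFU handles badly.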