💾 Archived View for rawtext.club › ~sloum › geminilist › 001516.gmi captured on 2020-09-24 at 01:49:57. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
solderpunk solderpunk at SDF.ORG
Wed Jun 10 21:49:57 BST 2020
- - - - - - - - - - - - - - - - - - -
On Tue, Jun 09, 2020 at 11:53:19PM -0400, Michael Lazar wrote:
> TLS_CLIENT_HASH
> I'm using a base64-encoded representation of the hash. I like your notation of
> SHA256:<HEX> better, but it's too late now and I don't want to break backwards
> compatibility.
I am extremely interested in having a well-defined notion of "certificate fingerprints" in Geminispace, not just for CGI apps but in server configs too (Molly Brown will soon support being able to configure lists of authorised certs for accessing certain directories). It's a shame it's too late for you to make changes now, but for the sake of all future implementations we should agree on something.
I was actually going to suggest base64-encoded SHA256 of the binary (PEM) certificate (mostly guided by OpenSSH's use of base64 in .authorized_keys), but I'm happy to hear thoughts on this.
Cheers,
Solderpunk
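
Added example, not part of the original message and not code from any Gemini server: the two notations discussed in this thread (SHA256:<HEX> and bare base64) computed from one SHA-256 digest, plus an authorised-list check that accepts either. It assumes the hash is taken over the certificate's DER bytes and shows that hashing the PEM text instead yields a different value; all function names and the sample bytes are hypothetical.

```python
import base64
import hashlib
import hmac
import ssl

# Constructed stand-in for a certificate's DER bytes (not a real certificate).
SAMPLE_DER = bytes.fromhex("3082010a0282010100") + bytes(range(64))


def digest_of(der):
    """SHA-256 over the DER encoding (assumed here to be the hashed form)."""
    return hashlib.sha256(der).digest()


def as_hex(der):
    """The SHA256:<HEX> notation mentioned in the thread."""
    return "SHA256:" + digest_of(der).hex().upper()


def as_base64(der):
    """Bare base64 of the same digest (44 characters with padding)."""
    return base64.b64encode(digest_of(der)).decode("ascii")


def parse_fingerprint(text):
    """Decode either notation to the raw 32-byte digest; reject anything else."""
    text = text.strip()
    try:
        if text.upper().startswith("SHA256:"):
            raw = bytes.fromhex(text[7:])
        else:
            raw = base64.b64decode(text, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        raise ValueError("unrecognised fingerprint notation") from None
    if len(raw) != 32:
        raise ValueError("fingerprint is not a SHA-256 digest")
    return raw


def is_authorised(der, allowed):
    """Compare decoded digests so the notation used in the list does not matter."""
    presented = digest_of(der)
    return any(hmac.compare_digest(presented, parse_fingerprint(a)) for a in allowed)


def pem_text_digest(der):
    """Hash of the PEM text form: a different value for the same certificate."""
    return hashlib.sha256(ssl.DER_cert_to_PEM_cert(der).encode("ascii")).digest()
```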