
TLS certificate sizes in Geminispace

solderpunk solderpunk at SDF.ORG

Sat Jun 27 09:58:19 BST 2020

- - - - - - - - - - - - - - - - - - - 

----- Forwarded message from solderpunk <solderpunk at SDF.ORG> -----

Date: Fri, 26 Jun 2020 15:57:59 +0000
From: solderpunk <solderpunk at SDF.ORG>
To: Gemini application layer protocol <gemini at lists.orbitalfox.eu>
Subject: Re: TLS certificate sizes in Geminispace

On Fri, Jun 26, 2020 at 05:05:22PM +0200, Felix Queißner wrote:

This makes me think it's an error with the server, as opposed to the ED25519 key; I'd love to try another server with this type of certificate for testing.
Using Kristall works and it's blazingly fast, seems to be a correct
server configuration

Hmm, I think SDF's mail server must be having issues, I'm not seeing other posts to this thread, even my own replies, but I can see them at Sloum's Gemini mirror of the list. I'll send this now in the hopes it gets through eventually...

I think perhaps it is, indeed, the case that older versions of OpenSSL will choke on this. That *sucks*. I know this is a big problem with the web, but the web, by virtue of being mostly a commercial enterprise, needs to support janky old clients because the people using them still have good money. I figured that since there *are* no janky old Gemini clients, we would not be bitten by this kind of thing.

Okay, perhaps everybody jumping to ED25519 right now is not viable, but it should be a medium-term goal and, in the meantime, we can figure out what the smallest possible widely supported certificate is (without doing silly things like using tiny key sizes), and build tools / write docs to help folks generate them.

Cheers,
Solderpunk