💾 Archived View for rawtext.club › ~sloum › geminilist › 001182.gmi captured on 2020-10-31 at 02:06:13. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Carsten Strotmann carsten at strotmann.de
Fri May 29 21:37:16 BST 2020
- - - - - - - - - - - - - - - - - - -
Hi,
Jason McBrayer <jmcbray at carcosa.net> writes:
> southerntofu at thunix.net writes:
>> Using DANE to distribute certificates reduces the attack surface, because the
>> DNS is already a SPOF for a gemini server. I personally believe the gemini spec
>> should strongly encourage admins to use DANE to distribute their server
>> certificates.
>
> Could you provide a minimal sample implementation of how a client would
> implement this? Just to demonstrate feasibility and to provide a guide
> to other client authors?
I can't give a reference implementation, but as far as I know DANE can be almost 100% delegated to OpenSSL or GNUTLS.
The DANE User Mailing List <https://mail.sys4.de/mailman/listinfo/dane-users> is a good place to get implementation help, sometimes directly from the RFC and OpenSSL authors.
Greetings
Carsten
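
Added example, not part of the original message and not code from OpenSSL, GnuTLS or any Gemini client: a Python sketch of the TLSA matching step from RFC 6698 that a DANE-capable TLS library performs for usage 3 (DANE-EE) records, the case that fits a self-signed Gemini server certificate. All function names and the sample certificate skeleton are constructed for illustration, and the TLSA records are assumed to come from a DNSSEC-validated lookup done elsewhere.

```python
import hashlib

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, content_start, end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_der(cert_der):
    """Return the DER SubjectPublicKeyInfo inside an X.509 certificate."""
    _, pos, _ = _tlv(cert_der, 0)        # Certificate SEQUENCE
    _, pos, _ = _tlv(cert_der, pos)      # tbsCertificate SEQUENCE
    tag, _, end = _tlv(cert_der, pos)
    if tag == 0xA0:                      # optional [0] version field
        pos = end
    for _ in range(5):  # serial, signature alg, issuer, validity, subject
        pos = _tlv(cert_der, pos)[2]
    return cert_der[pos:_tlv(cert_der, pos)[2]]

# TLSA matching types (RFC 6698): 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
MATCH = {0: bytes, 1: lambda b: hashlib.sha256(b).digest(),
         2: lambda b: hashlib.sha512(b).digest()}

def tlsa_matches(cert_der, selector, mtype, assoc_data):
    """Compare one TLSA record's association data with the presented cert."""
    if selector not in (0, 1) or mtype not in MATCH:
        return False                     # unknown field value: record unusable
    # Selector 0 = whole certificate, 1 = SubjectPublicKeyInfo only
    selected = cert_der if selector == 0 else spki_der(cert_der)
    return MATCH[mtype](selected) == assoc_data

def dane_ee_ok(cert_der, tlsa_records):
    """True if any usage-3 (DANE-EE) record pins the server's own cert.
    Assumes the caller obtained tlsa_records from a DNSSEC-validated answer."""
    return any(tlsa_matches(cert_der, sel, mt, data)
               for usage, sel, mt, data in tlsa_records if usage == 3)

# Constructed sample: a DER skeleton with the X.509 field layout, not a real cert.
def _der(tag, body):
    return bytes([tag, len(body)]) + body

SAMPLE_SPKI = _der(0x30, b"constructed-key")
SAMPLE_CERT = _der(0x30, _der(0x30, _der(0xA0, _der(0x02, b"\x02"))
                              + _der(0x02, b"\x01") + _der(0x30, b"") * 4
                              + SAMPLE_SPKI)
                   + _der(0x30, b"") + _der(0x03, b"\x00"))
```

A record with selector 1 keeps matching when the certificate is reissued with the same key, while a selector 0 record has to be republished on every reissue.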