💾 Archived View for rawtext.club › ~sloum › geminilist › 001965.gmi captured on 2020-10-31 at 02:38:09. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2020-09-24)
-=-=-=-=-=-=-
solderpunk solderpunk at SDF.ORG
Sat Jun 27 09:58:19 BST 2020
- - - - - - - - - - - - - - - - - - -
----- Forwarded message from solderpunk <solderpunk at SDF.ORG> -----
Date: Fri, 26 Jun 2020 15:57:59 +0000From: solderpunk <solderpunk at SDF.ORG>To: Gemini application layer protocol <gemini at lists.orbitalfox.eu>Subject: Re: TLS certificate sizes in Geminispace
On Fri, Jun 26, 2020 at 05:05:22PM +0200, Felix Queißner wrote:
This makes me think it's an error with the server, as opposed to the ED22519 key; I'd love to try another server with this type of certificate for testing.
Using Kristall works and it's blazingly fast, seems to be a correct
server configuration
Hmm, I think SDF's mail server must be having issues, I'm not seeingother posts to this thread, even my own replies, but I can see them atSloum's Gemini mirror of the list. I'll send this now in the hopes itgets through eventually...
I think perhaps it is, indeed, the case that older versions of OpenSSLwill choke on this. That *sucks*. I know this is a big problem withthe web, but the web, by virtue of being mostly a commercial enterprise,needs to support janky old clients because the people using them stillhave good money. I figured that since there *are* no janky old Geminiclients, we would not be bitten by this kind of thing.
Okay, perhaps everybody jumping to ED22519 right now is not viable, butit should be a medium-term goal and, in the mean time, we can figure outwhat the smallest possible widely supported certificate is (withoutdoing silly things like using tiny key sizes), and build tools / writedocs help folks generate them.
Cheers,Solderpunk