πΎ Archived View for rawtext.club βΊ ~sloum βΊ geminilist βΊ 002094.gmi captured on 2020-10-31 at 02:43:44. Gemini links have been rewritten to link to archived content
β¬ οΈ Previous capture (2020-09-24)
-=-=-=-=-=-=-
colecmac at protonmail.com colecmac at protonmail.com
Mon Jul 6 15:41:24 BST 2020
- - - - - - - - - - - - - - - - - - -
Good to hear, thanks! Now we just have to get all the serversto switch over...
makeworld
βββββββ Original Message βββββββOn Monday, July 6, 2020 8:55 AM, Solderpunk <solderpunk at posteo.net> wrote:
On Mon Jul 6, 2020 at 12:18 AM CEST, wrote:
5 year certs sound like a good compromise to me. We can make client
messages sufficiently scary, seeing as a five year expiry will make
TOFU issue somewhat rare. Will you set that as a default for your
cert tool then?
Maybe! ;) Ido plan to finally start work on that tool this week, by
the way.
Hopefully by 2025 we'll have agreed on a way to do smooth roll-overs
which is widely implemented! If that does happen, and it's easily
automated (which I'd very much like it to be), maybe we can start
shifting towards less long-lived keys/certs for a extra peace of mind.
Do you agree with my original recommendation that clients should
auto-accept any cert once the old one has expired? This seems relevant
here. I think it's nice for UX, although I see the obvious security
risk.
In the absence of any other roll-over mechanism, yeah, this seems like
sane behaviour for a TOFU client.
Cheers,
Solderpunk