💾 Archived View for rawtext.club › ~sloum › geminilist › 002824.gmi captured on 2020-10-31 at 14:48:16. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
colecmac at protonmail.com colecmac at protonmail.com
Thu Oct 1 22:55:13 BST 2020
- - - - - - - - - - - - - - - - - - -
Hello Drew,
You might be interested in a gemlog post I wrote a while back, with basically the same topic, it's my TOFU recommendations for Gemini.
gemini://makeworld.gq/gemlog/2020-07-03-tofu-rec.gmi
My recommendations are pretty similar to yours. A few differences:
- I don't specify a file/storage format
- The cert fingerprint is generated from just the SPKI section of the cert, not the entire thing. See the post for rationale.
- The port is also stored (host vs hostname) so that different ports can use different certs
- I don't make any distinction between temporary and always trust
- I mention SHA-256, but that's just an implementation detail
I also noticed that your flow doesn't seem to update the host data if the cert has expired, it just allows the request to continue. I assume that's an error? Or maybe I'm misreading.
Would be happy to hear about what you think of my recommendations! I hope they're useful, I've been trying to spread them on Gemini since I wrote them.
Cheers,
makeworld
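An added example, not part of the original message or the linked post: a Go sketch of TOFU pinning on a SHA-256 hash of the certificate's SPKI section, keyed by host and port. A certificate reissued under the same key keeps its SPKI fingerprint, while a key change does not. The names `Store`, `Check`, `spkiFP`, `testCert`, the demo keys and `example.test` are assumptions made for illustration, and a mismatch is only reported, not resolved.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// spkiFP hashes only the certificate's SubjectPublicKeyInfo (SHA-256, hex).
func spkiFP(c *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(c.RawSubjectPublicKeyInfo))
}

// Store pins one SPKI fingerprint per "host:port"; Check pins on first use.
type Store map[string]string

func (s Store) Check(host, port string, c *x509.Certificate) string {
	key, fp := net.JoinHostPort(host, port), spkiFP(c)
	switch pinned, seen := s[key]; {
	case !seen:
		s[key] = fp
		return "new"
	case pinned != fp:
		return "mismatch"
	}
	return "match"
}

// Constructed demo keys and self-signed certificates (errors ignored for brevity).
var keyA, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
var keyB, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)

func testCert(k *ecdsa.PrivateKey, serial int64) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &k.PublicKey, k)
	c, _ := x509.ParseCertificate(der)
	return c
}

func main() {
	s, h := Store{}, "example.test"
	fmt.Println(s.Check(h, "1965", testCert(keyA, 1)), s.Check(h, "1965", testCert(keyA, 2)),
		s.Check(h, "1965", testCert(keyB, 3)), s.Check(h, "1966", testCert(keyB, 3)))
}
```

The four checks in `main` cover first use, a reissued certificate under the same key, a key change, and the same hostname on a second port.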