Removing expiry dates for TOFU

Laurens Vets laurens at daemon.be

Mon Jul 6 15:35:32 BST 2020

- - - - - - - - - - - - - - - - - - - 

On 2020-07-05 15:18, colecmac at protonmail.com wrote:

> 5 year certs sound like a good compromise to me. We can make client
> messages sufficiently scary, seeing as a five year expiry will make
> TOFU issue somewhat rare. Will you set that as a default for your
> cert tool then?
> Do you agree with my original recommendation that clients should
> auto-accept any cert once the old one has expired? This seems relevant
> here. I think it's nice for UX, although I see the obvious security
> risk.

Also note that soon(-ish) Apple, Google & Mozilla browsers will _only_ accept certificates with a valid lifetime of maximum 1 year, effectively making this a "standard". While not necessarily relevant to Gemini directly, it's something to keep in mind.
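
The client-side decision debated in this thread, sketched as an added example that is not part of the original post or of any Gemini client: a TOFU pin store where the "auto-accept once the old cert has expired" recommendation is a switch. The names `check_tofu`, `Pin`, `Verdict` and the host `capsule.example` are hypothetical, and the certificate bytes are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum


class Verdict(Enum):
    TRUST_FIRST_USE = "first use: pin it"
    ACCEPT = "matches pin"
    ACCEPT_REPLACED = "pin expired: new cert auto-accepted"
    REJECT = "mismatch while pin still valid"


@dataclass
class Pin:
    fingerprint: str      # SHA-256 of the certificate bytes
    not_after: datetime   # expiry of the pinned certificate


def check_tofu(store, host, cert_der, not_after, now, accept_after_expiry):
    """Decide whether to trust cert_der for host, updating store when a pin changes."""
    fp = hashlib.sha256(cert_der).hexdigest()
    pin = store.get(host)
    if pin is None:
        store[host] = Pin(fp, not_after)
        return Verdict.TRUST_FIRST_USE
    if pin.fingerprint == fp:
        return Verdict.ACCEPT
    # Different certificate. Under the quoted recommendation, an expired pin
    # makes this a fresh first-use moment, with no link to the old key.
    if accept_after_expiry and now > pin.not_after:
        store[host] = Pin(fp, not_after)
        return Verdict.ACCEPT_REPLACED
    return Verdict.REJECT


def utc(year):
    return datetime(year, 7, 6, tzinfo=timezone.utc)


def demo(accept_after_expiry):
    # Constructed inputs: placeholder byte strings stand in for DER certificates.
    store, host = {}, "capsule.example"
    return [
        check_tofu(store, host, b"cert-A", utc(2025), utc(2020), accept_after_expiry),
        check_tofu(store, host, b"cert-A", utc(2025), utc(2021), accept_after_expiry),
        check_tofu(store, host, b"cert-B", utc(2030), utc(2022), accept_after_expiry),
        check_tofu(store, host, b"cert-B", utc(2030), utc(2026), accept_after_expiry),
    ]
```

With the switch on, the last call is accepted silently because the client cannot tell the operator's renewal apart from any other certificate presented after expiry; with it off, the same call is a mismatch the user has to resolve.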