💾 Archived View for rawtext.club › ~sloum › geminilist › 004812.gmi captured on 2021-11-30 at 19:37:34. Gemini links have been rewritten to link to archived content


[spec] Outstanding issues

Stephane Bortzmeyer stephane at sources.org

Tue Jan 12 13:09:56 GMT 2021

- - - - - - - - - - - - - - - - - - - 

On Mon, Jan 11, 2021 at 02:47:40PM -0500, easrng <easrng at gmail.com> wrote a message of 12 lines which said:

> I think I would handle certs a few different ways. [...] If the
> certificate was valid and trusted by the CAs installed, I would also
> accept it, even if that means overwriting an earlier TOFU
> entry. Otherwise, I would handle them like SSH handles keys, by
> asking the user on the first connection if the certificate is
> trusted.

It seems a reasonable choice. (Except that "asking the user [...] if the certificate is trusted" is just playing with words: unlike SSH, the user has zero knowledge of the remote server and cannot assess the certificate.) I like the way it deals with the coexistence X.509/TOFU.

> First, if it was tunneled over a protocol that is already encrypted
> (ex. Tor), I'd accept any certificate, because TLS would be
> redundant,

Depending on how the client and the server are run, they may not know if they use Tor or not. Think socks and stuff like that.
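
The X.509/TOFU coexistence policy discussed in this message, sketched as an added example (not code from either poster or from any Gemini client). The names `evaluate`, `confirm_pin` and `Decision` are hypothetical, the certificate bytes are constructed, and refusing a changed non-CA certificate is an assumption borrowed from SSH's behaviour, since the thread does not spell that case out.

```python
import hashlib
import hmac
from enum import Enum

class Decision(Enum):
    ACCEPT = "accept"
    PROMPT_FIRST_USE = "prompt-first-use"   # unknown host: the user must decide
    REJECT_CHANGED = "reject-changed"       # pinned host now presents another cert

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER encoding of the presented certificate."""
    return hashlib.sha256(cert_der).hexdigest()

def evaluate(host: str, cert_der: bytes, ca_valid: bool, pins: dict) -> Decision:
    """Decide what to do with one presented certificate.

    ca_valid: result of normal chain and hostname validation against the
              installed CAs (assumption: computed by the TLS library).
    pins:     host -> fingerprint pinned on an earlier connection (TOFU store).
    There is deliberately no "tunnelled over Tor" input: behind a SOCKS proxy
    the client may not know, so the transport never relaxes the check.
    """
    fp = fingerprint(cert_der)
    if ca_valid:
        pins[host] = fp                     # CA-trusted: overwrite any TOFU entry
        return Decision.ACCEPT
    known = pins.get(host)
    if known is None:
        return Decision.PROMPT_FIRST_USE    # nothing is pinned until the user agrees
    if hmac.compare_digest(known, fp):
        return Decision.ACCEPT
    return Decision.REJECT_CHANGED

def confirm_pin(host: str, cert_der: bytes, pins: dict) -> None:
    """Record the user's first-use approval."""
    pins[host] = fingerprint(cert_der)

# Constructed stand-ins for DER certificates; real ones come from the TLS handshake.
CERT_A = b"constructed-self-signed-cert-A"
CERT_B = b"constructed-replacement-cert-B"

if __name__ == "__main__":
    store = {}
    for cert, valid in [(CERT_A, False), (CERT_A, False), (CERT_B, False), (CERT_B, True)]:
        result = evaluate("example.org", cert, valid, store)
        print(result.value)
        if result is Decision.PROMPT_FIRST_USE:
            confirm_pin("example.org", cert, store)   # simulate the user saying yes
```
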