💾 Archived View for rawtext.club › ~sloum › geminilist › 007564.gmi captured on 2021-11-30 at 19:37:34. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
mbays mbays at sdf.org
Mon Nov 8 17:47:12 GMT 2021
- - - - - - - - - - - - - - - - - - -
There are many good reasons for people to use TLS 1.3 that are quite
relevant to Gemini:
- TLS 1.3 can eliminate one or two round-trips.
- TLS 1.3 supports Encrypted Client Hello.
- TLS 1.3 supports record padding.
Another one I think is particularly important for Gemini: TLS 1.2 sends client certificates in the clear, while with 1.3 they are encrypted.
Even if the spec doesn't end up mandating 1.3, it might be worth requiring it for servers which make use of client certificates.
Another big advantage of requiring 1.3 is that it would let us use ed25519 certificates (server and client). (I think in theory we could already do this, by choosing a certificate to send depending on which algorithms the remote party says they support, but that adds complexity and I don't know of any implementation which does this.)
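The following Go program is an added example; it is not part of mbays' message and not taken from any Gemini server or client. It runs a TLS handshake in memory between a server that requires a client certificate and a client that presents one, with both sides using throwaway self-signed ed25519 certificates, and records the raw bytes the server receives so you can check whether the client's certificate DER was visible on the wire. It then repeats the handshake with a server that refuses anything below TLS 1.3. Only the Go standard library is used; the host name "gemini.example" and the subject "client identity" are made up, and trust checks are skipped because the point is what the handshake exposes, not how a Gemini client pins the server.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// HandshakeResult is what the server, and an observer of the client's bytes, learn from one handshake.
type HandshakeResult struct {
	Version           uint16 // negotiated version: 0x0303 = TLS 1.2, 0x0304 = TLS 1.3
	ClientCertOnWire  bool   // the client certificate's DER crossed the wire unencrypted
	ClientCertEd25519 bool   // the server received an Ed25519 client certificate
}

// mustEd25519Cert makes a throwaway self-signed Ed25519 certificate for cn (constructed for this example).
func mustEd25519Cert(cn string) tls.Certificate {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// recordingConn keeps a copy of every byte the server reads, standing in for an observer on the path.
type recordingConn struct {
	net.Conn
	seen bytes.Buffer
}

func (r *recordingConn) Read(b []byte) (int, error) {
	n, err := r.Conn.Read(b)
	r.seen.Write(b[:n])
	return n, err
}

// runHandshake performs one in-memory handshake between a server that requires a client
// certificate and refuses versions below serverMin, and a client offering nothing above clientMax.
func runHandshake(serverMin, clientMax uint16) (res HandshakeResult, err error) {
	srvCert, cliCert := mustEd25519Cert("gemini.example"), mustEd25519Cert("client identity")
	srvCfg := &tls.Config{
		MinVersion:   serverMin,
		Certificates: []tls.Certificate{srvCert},
		// Gemini client certs are self-signed identities: accept any, leave pinning to the application.
		ClientAuth: tls.RequireAnyClientCert,
		// One request per connection makes tickets pointless; the ticket write would also block net.Pipe.
		SessionTicketsDisabled: true,
	}
	cliCfg := &tls.Config{
		MaxVersion:         clientMax,
		ServerName:         "gemini.example",
		Certificates:       []tls.Certificate{cliCert},
		InsecureSkipVerify: true, // Gemini pins server certs (TOFU); trust is not the point here
	}
	cConn, sConn := net.Pipe()
	defer cConn.Close()
	defer sConn.Close()
	wire := &recordingConn{Conn: sConn}
	server, client := tls.Server(wire, srvCfg), tls.Client(cConn, cliCfg)
	srvDone := make(chan error, 1)
	go func() { srvDone <- server.Handshake() }()
	if err = client.Handshake(); err != nil {
		cConn.Close() // release the server if it is blocked on the pipe
		<-srvDone
		return res, err
	}
	if err = <-srvDone; err != nil {
		return res, err
	}
	ss := server.ConnectionState()
	res.Version = ss.Version
	res.ClientCertOnWire = bytes.Contains(wire.seen.Bytes(), cliCert.Certificate[0])
	res.ClientCertEd25519 = len(ss.PeerCertificates) == 1 && ss.PeerCertificates[0].PublicKeyAlgorithm == x509.Ed25519
	return res, nil
}

func main() {
	for _, v := range [][2]uint16{{0x0303, 0x0303}, {0x0303, 0x0304}, {0x0304, 0x0303}} {
		r, err := runHandshake(v[0], v[1])
		fmt.Printf("server min 0x%04x, client max 0x%04x: %+v, err: %v\n", v[0], v[1], r, err)
	}
}
```

With a TLS 1.2 client the client's certificate DER is found verbatim in the bytes the server read, so anyone on the path learns the client's identity; with TLS 1.3 the same search fails because the Certificate message is sent under the handshake traffic keys. The third run shows what "requiring 1.3 for servers which make use of client certificates" looks like in practice: the 1.3-only server rejects the 1.2 client with a protocol_version alert before any certificate is exchanged.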