💾 Archived View for gem.benscraft.info › mailing-list › messages › 178 captured on 2021-12-05 at 23:47:19. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2021-12-03)
-=-=-=-=-=-=-
- text at sdfeu.org
@ Thu, 08 Apr 2021 19:59 +0000
────────────────────────────────────────────────────────────────────────────────
On Thu, 08 Apr 2021 16:59:31 +0000, nervuri wrote:
On Wed, 2021-04-07, Sean Conner wrote:
> Also, stats [1] show that some 21% of Gemini sites still use TLS 1.2.
> Personally, I think that once this falls below 5% (or greater than 95%
> of all sites support TLS 1.3) we can revisit this decision.
Also, if the actual blocker is the percentage of servers and clients
supporting TLS 1.3, then that's what the specification should say,
rather than referring to libraries. It can be vague, like:
TLS 1.2 is reluctantly permitted until TLS 1.3 support is more
widespread among Gemini servers and clients.
The minimum required TLS version is 1.2,
but clients who wish to be "ahead of the curve" MAY
refuse to connect to servers using TLS version 1.2.
Could we even formulate without specifying version numbers, not knowing
which version Gemini should be using in like a decade? Somewhat along:
Servers and clients must use TLS. The current (stable) TLS version should
be supported; the next lower version may be supported as long as
a) this lower version is not [commonly] considered insecure [by whom?]
and
b) the majority of [common] TLS libraries do not [yet] support the
current TLS version in the libraries' stable versions.
Not too sure about a) and the "common" parts, though.
Thx
════════════════════════════════════════════════════════════════════════════════