💾 Archived View for gem.benscraft.info › mailing-list › threads › 149 captured on 2021-12-05 at 23:47:19. Gemini links have been rewritten to link to archived content


Re: Updated recommendations regarding TOFU & TLS

- nervuri <nervuri at disroot.org>

@ Sun, 04 Apr 2021 19:02 +0000


────────────────────────────────────────────────────────────────────────────────

On Thu, 2021-03-04, Drew DeVault wrote:

Hello! I have recently announced some upcoming changes to my Gemini
software implementations with respect to TLS and TOFU:
https://lists.sr.ht/~sircmpwn/gmni-discuss/%3CC9OP7IK9T9EP.15EOEOOS7QSB9%40taiga%3E
I've also updated my older TOFU recommendations article to reflect the
changes:
gemini://drewdevault.com/2020/09/21/Gemini-TOFU.gmi

A few observations:

1. Not storing the port means that the client can't adequately support
different certs being served on different ports. You can test with:

wikipedia.geminet.org
wikipedia.geminet.org:1966

2. Not storing the expiration timestamp means that the client can't
issue a less scary warning when it receives a new cert after the old one
expired (or when it's about to expire).

Solderpunk argued in favor of clients using expiration dates, for example:

https://lists.orbitalfox.eu/archives/gemini/2020/002101.html

I guess I see the main utility of explicit expiration dates in this
context as being a kind of promise from the server admin that "I have no
plans to do a key rotation for about this length of time". This means
that apparent MITM attacks happening at a time when there's a lot of
validity left can be treated with much higher suspicion.

3. A cert can be renewed without changing its public key, so storing a
hash of the SPKI (SubjectPublicKeyInfo) instead of the entire
certificate means potentially fewer unnecessary warning messages for
users. Here's the OpenSSL command to extract the SHA512 hash of the
DER-encoded SPKI (reading the certificate from cert.pem):

openssl x509 -in cert.pem -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha512 -binary | openssl enc -base64 -A

I used base64 at the end to get a shorter string.

And here's the command one would use to renew a cert without changing keys:

openssl req -new -x509 -key private_key.pem -out new_cert.pem -subj "/CN=example.com" -days 36500

It generates a certificate valid for 100 years using the old key.

Amfora uses the SPKI, so it wouldn't raise a warning about this new cert.

════════════════════════════════════════════════════════════════════════════════
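The three points in the message above (port as part of the pin key, stored expiry used to grade a key change, SPKI hash rather than certificate hash) carried through as one worked TOFU store. This is an added example, not code from the thread or from gmni, Amfora or any other Gemini client. It assumes the openssl CLI plus a date(1) that can parse openssl's notAfter string (GNU or BSD date); the hostnames example.com, stale.example and near.example, the store file name tofu_known_hosts, and the 30-day "near expiry" threshold are constructed for the demo and not specified by the thread.

```shell
#!/bin/sh
# Added example (not from the thread): a minimal TOFU store keyed by host:port
# that records the SHA-512 of the DER-encoded SubjectPublicKeyInfo plus the
# certificate's notAfter as an epoch, and grades a changed key by how much
# validity the old pin had left. Assumes the openssl CLI and GNU or BSD date.
set -eu

STORE="${TOFU_STORE:-./tofu_known_hosts}"   # assumed store file name

# SHA-512 of the DER SPKI, base64 on one line (the pipeline from the message).
spki_hash() {
    openssl x509 -in "$1" -pubkey -noout \
      | openssl pkey -pubin -outform der \
      | openssl dgst -sha512 -binary \
      | openssl enc -base64 -A
}

# notAfter of a certificate as seconds since the epoch (GNU date, then BSD date).
not_after() {
    raw=$(openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//')
    date -u -d "$raw" +%s 2>/dev/null \
      || date -j -u -f '%b %e %T %Y %Z' "$raw" +%s
}

# tofu_lookup host port -> prints "spki_hash expiry_epoch", or nothing if unknown.
tofu_lookup() {
    [ -f "$STORE" ] || return 0
    awk -v k="$1:$2" '$1 == k { print $2, $3 }' "$STORE"
}

# tofu_record host port cert -> replace any existing pin for host:port.
tofu_record() {
    key="$1:$2"; tmp="$STORE.tmp"
    if [ -f "$STORE" ]; then awk -v k="$key" '$1 != k' "$STORE" > "$tmp"; else : > "$tmp"; fi
    printf '%s %s %s\n' "$key" "$(spki_hash "$3")" "$(not_after "$3")" >> "$tmp"
    mv "$tmp" "$STORE"
}

# tofu_check host port cert -> prints one verdict:
#   NEW         first contact with this host:port, pin recorded
#   OK          same SPKI as pinned (a renewed cert lands here, no warning)
#   EXPIRED     key changed, but the pinned cert had already expired: mild warning
#   NEAR        key changed within 30 days of the pinned expiry: mild warning
#   SUSPICIOUS  key changed with plenty of pinned validity left: loud warning
tofu_check() {
    host=$1; port=$2; cert=$3
    have=$(spki_hash "$cert")
    set -- $(tofu_lookup "$host" "$port")
    if [ $# -eq 0 ]; then
        tofu_record "$host" "$port" "$cert"; echo NEW; return
    fi
    pinned=$1; expiry=$2; now=$(date +%s)
    if [ "$have" = "$pinned" ]; then
        tofu_record "$host" "$port" "$cert"   # same key: just refresh the stored expiry
        echo OK
    elif [ "$now" -ge "$expiry" ]; then
        echo EXPIRED
    elif [ $((expiry - now)) -lt $((30 * 86400)) ]; then
        echo NEAR
    else
        echo SUSPICIOUS
    fi
}

# Demo with constructed keys and certificates: renew a cert on the same key,
# then present a cert with a different key, on another port, and against
# hand-written pins whose expiry is in the past or within 30 days.
demo() {
    dir=$(mktemp -d); STORE="$dir/known_hosts"
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/key.pem" 2>/dev/null
    openssl req -new -x509 -key "$dir/key.pem" -out "$dir/old.pem" -subj "/CN=example.com" -days 365 2>/dev/null
    openssl req -new -x509 -key "$dir/key.pem" -out "$dir/renewed.pem" -subj "/CN=example.com" -days 730 2>/dev/null
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/key2.pem" 2>/dev/null
    openssl req -new -x509 -key "$dir/key2.pem" -out "$dir/other.pem" -subj "/CN=example.com" -days 365 2>/dev/null
    # Whole-certificate fingerprint changes on renewal even though the SPKI hash does not.
    fp_old=$(openssl x509 -in "$dir/old.pem" -noout -fingerprint -sha256)
    fp_new=$(openssl x509 -in "$dir/renewed.pem" -noout -fingerprint -sha256)
    if [ "$fp_old" != "$fp_new" ]; then fp=CERT_DIFFERS; else fp=CERT_SAME; fi
    r1=$(tofu_check example.com 1965 "$dir/old.pem")       # NEW
    r2=$(tofu_check example.com 1965 "$dir/renewed.pem")   # OK: same key, renewed cert
    r3=$(tofu_check example.com 1965 "$dir/other.pem")     # SUSPICIOUS: ~2 years of validity left
    r4=$(tofu_check example.com 1966 "$dir/other.pem")     # NEW: the port is part of the key
    now=$(date +%s)
    printf '%s %s %s\n' stale.example:1965 constructedpin $((now - 86400)) >> "$STORE"
    printf '%s %s %s\n' near.example:1965 constructedpin $((now + 10 * 86400)) >> "$STORE"
    r5=$(tofu_check stale.example 1965 "$dir/other.pem")   # EXPIRED
    r6=$(tofu_check near.example 1965 "$dir/other.pem")    # NEAR
    rm -rf "$dir"
    echo "$fp $r1 $r2 $r3 $r4 $r5 $r6"
}

demo
```

The verdict names and the 30-day window are choices made for this example; the point carried over from the message is that the same SPKI hash silences the renewal case entirely, and that the stored expiry is what lets a client tell an expected rotation from a key change that arrives with years of validity still on the old pin.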