💾 Archived View for rawtext.club › ~sloum › geminilist › 006309.gmi captured on 2023-09-28 at 16:50:04. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-11-30)

-=-=-=-=-=-=-

<-- back to the mailing list

[spec] The updated speculative specification is now up

Benjamin Cronin bcronin720 at gmail.com

Fri Apr 9 03:05:56 BST 2021

- - - - - - - - - - - - - - - - - - - 

Perhaps it could mention something about published vulnerabilities orcrackability with consumer hardware, as a response to the [by whom?] thatnervuri mentions here.I think library support is also important to make sure that anyimplementations are done well and that people aren't trying to rush astandard without proper support, leading to more bugs and opportunities formalicious attacks.- Entflammen

On Thu, Apr 8, 2021 at 4:00 PM <text at sdfeu.org> wrote:

On Thu, 08 Apr 2021 16:59:31 +0000, nervuri wrote:

On Wed, 2021-04-07, Sean Conner wrote:

Also, stats [1] show that some 21% of Gemini sites still use TLS 1.2.

Personally, I think that once this falls below 5% (or greater than 95%

of all sites support TLS 1.3) we can revisit this decision.

Also, if the actual blocker is the percentage of servers and clients

supporting TLS 1.3, then that's what the specification should say,

rather than referring to libraries. It can be vague, like:

TLS 1.2 is reluctantly permitted until TLS 1.3 support is more

widespread among Gemini servers and clients.

The minimum required TLS version is 1.2,

but clients who wish to be "ahead of the curve" MAY

refuse to connect to servers using TLS version 1.2.

Could we even formulate without specifying version numbers, not knowing

which version Gemini should be using in like a decade? Somewhat along:

Servers and clients must use TLS. The current (stable) TLS version should

be supported; the next lower version may be supported as long as

a) this lower version is not [commonly] considered insecure [by whom?]

and

b) the majority of [common] TLS libraries do not [yet] support the

current TLS version in the libraries' stable versions.

Not too sure about a) and the "common" parts, though.

Thx

-------------- next part --------------An HTML attachment was scrubbed...URL: <https://lists.orbitalfox.eu/archives/gemini/attachments/20210408/ad61caec/attachment.htm>