💾 Archived View for rawtext.club › ~sloum › geminilist › 004677.gmi captured on 2024-02-05 at 11:22:47. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-11-30)

-=-=-=-=-=-=-

<-- back to the mailing list

[tech] [spec] TLS statistics

Stephane Bortzmeyer stephane at sources.org

Sun Jan 3 15:14:12 GMT 2021

- - - - - - - - - - - - - - - - - - - 

On Wed, Dec 30, 2020 at 11:19:22AM -0800, Stephen <stephen at drsudo.com> wrote a message of 18 lines which said:

66 is more Let's Encrypt certs than I would have guessed. For better
or worse, they seem a bit out of place in gemini. When I was setting
up my server, I was almost going to use my Let's Encrypt cert, but
I'm glad I didn't. The Let's Encrypt method is antithetical to the
TOFU model of certs.

This is one of the weaknesses of the current spec (and why I think itis far from finished). Using a CA like Let's Encrypt is not forbiddenbut there is no detail about how it goes with TOFU. For instance, whena certificate (or key?) changes, is it TOFU-OK if it is signed by arecognized CA?