💾 Archived View for bbs.geminispace.org › u › jmjl › 13170 captured on 2024-08-18 at 23:45:02. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-07-09)
-=-=-=-=-=-=-
Re: "New "Certificate and Key Validator" service to Kennedy"
@Acidus Maybe also make this service make itself check the TLSA records if there are any, and if you build a gemini client, make it check tlsa records of the validator every time they expire, and have it have TLSA records?
Yes, I realize it's not obligatory for you to set a TLSA record, but I guess this might be helpfull if people like the idea.
2023-12-29 · 8 months ago
🧇 Acidus [OP] · 2023-12-30 at 13:28:
@jmjl That's a neat idea. I'm not too familiar with TLSA, DNSSEC, and DANE, but this is a chance to dig into them
New "Certificate and Key Validator" service to Kennedy — I added a "Certificate and Key Validator" service to Kennedy. This helps you figure out if a certificate/key change on a capsule is from a innocent change by the capsule owner, or a possible MITM attempt. Read me here: [gemini link] If I ever build a Gemin client, I would probably build something like this into it. (with a perference to disable). As in, if you access a capsule and it's cert/key is different, my client would check with...