Archived View for bbs.geminispace.org › u › zzo38 › 21562 captured on 2024-12-17 at 15:53:36.
Re: "Superseding X.509 certificates"
This could be used with both server certificates and client certificates (it is also independent of the protocol). I did not ask any AI (I do not have access to them). I did look for existing methods, and they do not seem sufficient to me.
There is another thing that I had also considered, which is separate and not a part of this (but can be used together), to implement something like "web of trust" using a separate file, to allow anyone to sign someone's certificates and include details (e.g. which extensions are understood, levels of trust, etc). I think this separate thing is a different issue, so is handled separately.
Nov 05 · 6 weeks ago
Superseding X.509 certificates — I had an idea of an X.509 extension for superseding self-signed X.509 certificates, so that it can be used with TOFU (including with Gemini). There are many reasons why you might want to change a certificate, including because the old one will expire soon, or because your name or country has changed, or if you wish to change an extension, or use a better type of key or signature than you had before. Currently, the extension contains: An optional public key which...