Björn Wärmedal bjorn.warmedal at gmail.com
Fri Mar 5 11:02:20 GMT 2021
- - - - - - - - - - - - - - - - - - -
It's my opinion that the easiest course of action is to ignore the TOFU problematic altogether — and blindly use TLS for transmission security only.
TOFU doesn't seem to be a good operational fit for Gemini.
Developing a whole new trust model to support it is beyond the scope of the Gemini protocol — in my view.
The easiest win would be to stick to just plain TLS — and call it a day.
An absolutely valid opinion. Just accept any cert and go. Any clientdeveloper out there can already do that, of course (and any automatedclients have to, in the current state of affairs).
Another option is to stick with CAs, which all(?) TLS libraries do bydefault. Also a valid opinion.
I personally like TOFU, but it's proven to be very very hard tocommunicate to implementers and server operators what TOFU means forthem.
Basically, in my opinion, all these three options have merits andflaws and I'd be okay with any of them as the final choice.
Cheers,ew0k