Petite Abeille petite.abeille at gmail.com
Thu Mar 4 17:59:25 GMT 2021
- - - - - - - - - - - - - - - - - - -
On Mar 4, 2021, at 18:45, Drew DeVault <sir at cmpwn.com> wrote:
https://en.wikipedia.org/wiki/Trust_on_first_use
See also section 4.2 of the Gemini specification:
Gemini keeps on repeating 'tofu', 'tofu', 'tofu' — like a talisman.
And each and every client understand it differently — if at all.
To add insult to injury, it's purely optional. Optional! While TLS is mandatory!
It's fantastic that servers generates certificates on the fly — trivial things first.
But then what? What's the operating model? Specifically. Consistently. Across the board.
If each client-server pairs have their own view on how to handle TLS — then Gemini has nothing at all.
Just a giant mess. With mandatory TLS pain for everyone.
I don't get it.
So be it.
±0¢