
Updated recommendations regarding TOFU & TLS

Drew DeVault sir at cmpwn.com

Thu Mar 4 17:36:18 GMT 2021

- - - - - - - - - - - - - - - - - - - 

Re-sending, I forgot to Cc the list. Because I wasn't Cc'd on the reply.

Um... no offense intended, but if you're not on the list, then why are
you posting to the list?
Honest question.

It's quite common for someone to write to a mailing list without being subscribed to it. Please use reply-all if you have more to add.

No it's not. It happens every eighty something-ish days automatically.
For the foreseeable future, Vger will continue to use LetsEncrypt. Easy
Peasy!

Suit yourself, but this is NOT easy!

Installing extra software, running an HTTP server (or TLS-ALPN) for LE to query, running a cronjob (and keeping it running!)... there are a dozen places for error here and it requires a lot of manual setup. Just because you already did the work doesn't mean that it's easier!

In Gemini, we have the privilege of skipping all of this entirely and having zero-configuration TLS. The server generates a certificate and it just works. This is much easier.