
[tech] [spec] TLS statistics

Stephane Bortzmeyer stephane at sources.org

Sun Jan 3 15:14:12 GMT 2021

- - - - - - - - - - - - - - - - - - - 

On Wed, Dec 30, 2020 at 11:19:22AM -0800, Stephen <stephen at drsudo.com> wrote a message of 18 lines which said:

66 is more Let's Encrypt certs than I would have guessed. For better
or worse, they seem a bit out of place in gemini. When I was setting
up my server, I was almost going to use my Let's Encrypt cert, but
I'm glad I didn't. The Let's Encrypt method is antithetical to the
TOFU model of certs.

This is one of the weaknesses of the current spec (and why I think it is far from finished). Using a CA like Let's Encrypt is not forbidden but there is no detail about how it goes with TOFU. For instance, when a certificate (or key?) changes, is it TOFU-OK if it is signed by a recognized CA?