Announcing kwiecien.us

[solderpunk]

On Fri, May 15, 2020 at 11:14:44AM +0430, Ben wrote:
 
> I'm having an issue with elpher where it asks me to approve the site's SSL
> cert because it says something like the issuer not being recognized... well
> that can't be right, so either I set up Jetforce a little bit wrong
> (specified the wrong files?), or this is some issue with elpher, which I
> noticed complains about the certs of most Gemini sites. My issuer is
> LetsEncrypt, which should be fine.

I'm not sure because I haven't used it, but perhaps Elpher is one of the
few clients (the other I know of is Bombadillo) which have implemented
the TOFU security model recommended in the spec.  Current
implementations of Gemini are fairly inconsistent with how they handle
TLS, which admittedly is my fault for speccing that clients can validate
certs however they like and just "strongly recommending" TOFU.  Many
people have fallen back on the standard CA approach.  Heck, my own client
so far doesn't do any certificate validation at all!  I'll be TOFUising
it this weekend, though.

Cheers,
Solderpunk