Trust model for addresses and certificates (DANE etc..)

Jason McBrayer jmcbray at carcosa.net
Fri May 29 15:08:04 BST 2020

Previous message (by thread): Trust model for addresses and certificates (DANE etc..)
Next message (by thread): Trust model for addresses and certificates (DANE etc..)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

southerntofu at thunix.net writes:

> Using DANE to distribute certificates reduces the attack surface, because the
> DNS is already a SPOF for a gemini server. I personally believe the gemini spec
> should strongly encourage admins to use DANE to distribute their server
> certificates.

Could you provide a minimal sample implementation of how a client would
implement this? Just to demonstrate feasibility and to provide a guide
to other client authors?

-- 
+-----------------------------------------------------------+  
| Jason F. McBrayer                    jmcbray at carcosa.net  |  
| If someone conquers a thousand times a thousand others in |  
| battle, and someone else conquers himself, the latter one |  
| is the greatest of all conquerors.  --- The Dhammapada    |

Previous message (by thread): Trust model for addresses and certificates (DANE etc..)
Next message (by thread): Trust model for addresses and certificates (DANE etc..)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Gemini mailing list