CGI, SCGI and Certificates (was Re: [ANN] Gemini browser for iOS)

defdefred defdefred at protonmail.com
Fri Jun 12 09:13:28 BST 2020


Maybe adding a version for the whole Gemini protocol?


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday 12 June 2020 01:39, Thomas Karpiniec <tkarpiniec at icloud.com> wrote:

> On Thu, Jun 11, 2020 at 07:50:18PM +0000, solderpunk wrote:
>
> > Ah, right, if everybody is already using SHA256 then, yes, we can stick
> > to that and the different serialisations are convertible. And I don't
> > see any reason not to. From what I can tell there (somewhat
> > surprisingly) really isn't a standard notion of certificate
> > fingerprinting, but SHA1 and SHA256 seem to be the most commonly used by
> > web browsers.
>
> At the risk of overthinking things, I was reading RFC6709 "Design
> Considerations for Protocol Extensions" for non-Gemini reasons
> recently and this section seems relevant:
>
> "4.5. Cryptographic Agility
>
> ... The ability to negotiate the use of a particular cryptographic
> algorithm provides resilience against compromise of a particular
> cryptographic algorithm.... This is usually accomplished by including
> an algorithm identifier and parameters in the protocol, and by
> specifying the algorithm requirements in the protocol specification."
>
> i.e. Instead of storing opaque bytes, also mention that it's SHA256
>
> A stand-alone implementation of this concept:
> https://multiformats.io/multihash/
>
> Cheers, Tom
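
An added illustration of the cryptographic-agility point quoted above (not code from this thread or from any Gemini client): a certificate fingerprint stored together with its algorithm identifier in the multihash layout, so a SHA256 value is never just opaque bytes. The function names and the sample certificate bytes are assumptions constructed for the example.

```python
import hashlib
import hmac

# Multihash function codes: sha1 = 0x11, sha2-256 = 0x12, sha2-512 = 0x13.
# Only the entries listed here are accepted; sha1 is deliberately left out.
ALLOWED = {0x12: ("sha256", 32), 0x13: ("sha512", 64)}

def make_fingerprint(cert_der: bytes, code: int = 0x12) -> bytes:
    """Return <code><digest length><digest> instead of a bare digest.

    Codes and lengths below 0x80 fit in one varint byte, so one byte each
    is enough for the algorithms in ALLOWED.
    """
    name, length = ALLOWED[code]
    return bytes([code, length]) + hashlib.new(name, cert_der).digest()

def check_fingerprint(cert_der: bytes, stored: bytes) -> bool:
    """Verify a certificate against a stored, algorithm-tagged fingerprint."""
    if len(stored) < 2 or stored[0] not in ALLOWED:
        raise ValueError("unknown or disallowed hash algorithm")
    name, length = ALLOWED[stored[0]]
    if stored[1] != length or len(stored) != 2 + length:
        raise ValueError("digest length does not match algorithm")
    actual = hashlib.new(name, cert_der).digest()
    return hmac.compare_digest(actual, stored[2:])

def migrate(cert_der: bytes, stored: bytes, new_code: int) -> bytes:
    """Re-tag under a newer algorithm, but only after the old one verifies."""
    if not check_fingerprint(cert_der, stored):
        raise ValueError("certificate does not match stored fingerprint")
    return make_fingerprint(cert_der, new_code)

# Constructed stand-ins for DER-encoded certificates (not real certificates).
CERT = b"constructed-der-bytes-for-example.org"
OTHER = b"constructed-der-bytes-for-someone-else"

if __name__ == "__main__":
    fp = make_fingerprint(CERT)
    print(fp.hex(), check_fingerprint(CERT, fp), check_fingerprint(OTHER, fp))
    print(migrate(CERT, fp, 0x13).hex()[:4])
```

Because the tag travels with the digest, a client can tell which stored entries still use an older algorithm and re-hash them on the next successful connection.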



