TLS certificate sizes in Geminispace
solderpunk
solderpunk at SDF.ORG
Fri Jun 26 14:56:33 BST 2020
There are several contributing factors to TLS overhead. Some of it is
network-based, to do with actually downloading the certificate and
doing the handshake. Some of it is computation-based, to do with the
key exchange calculations. Which is the more important bottleneck will
differ between applications. In cases where network overhead is more
important, reducing the size of the certificate may help.
My AV-98 TOFU database has 103 certificates stored in it. The mean size
is 1247 bytes - about as large, IIRC, as the average text/gemini
document. 95% of certificates range in size between 704 bytes and 1634
bytes.
However, the smallest certificate I have encountered belongs to
cozylabs.eu. It is 273 bytes, i.e. 20% of the average! Or, about 1 KiB
smaller than average. That's 1 KiB less network traffic for each
request to that server compared to a typical server.
cozylabs.eu achieves this feat with a single self-signed ED25519
certificate. For folks who want to ditch the CA system and embrace
TOFU, this is clearly the way to do it. I will migrate
gemini.circumlunar.space to this style of certificate in the near
future.
Unfortunately, making this kind of cert with the `openssl` tool is not
as straightforward as other options. The standard library for Go seems
up to the task. I will write a small, simple, bulletproof program to
generate these certs next week, and document it well. It will be handy
not only for server admins but also for people who want to generate their own
client certs for use with clients like Alphonse. Stay tuned...
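The following is an added example of what "generating this kind of cert with the Go standard library" looks like; it is not solderpunk's promised program, nor any code from cozylabs.eu or AV-98. It uses only crypto/ed25519 and crypto/x509 from the standard library to produce a self-signed Ed25519 certificate for a hostname (the hostname `example.org` and the file names `cert.pem` / `key.pem` are placeholders chosen here), verifies the certificate's own signature after parsing it back, and reports the DER size so it can be compared with the sizes quoted above. A long validity period is used because under TOFU the pinned certificate is expected to stay stable; rotating it means every client has to re-trust the server.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// GenerateEd25519Cert builds a self-signed, non-CA Ed25519 certificate for
// host and returns the DER-encoded certificate together with its private key.
// Leaving SignatureAlgorithm unset makes x509.CreateCertificate pick
// PureEd25519, so the certificate carries a 64-byte signature and a 32-byte
// public key, which is what keeps it so small.
func GenerateEd25519Cert(host string, validFor time.Duration) ([]byte, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	// Random 128-bit serial: a fixed or small serial is a common lint
	// failure in TLS clients that check for it.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: host},
		NotBefore:             now.Add(-time.Hour), // tolerate small clock skew
		NotAfter:              now.Add(validFor),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:              []string{host}, // modern clients match the SAN, not the CN
		BasicConstraintsValid: true,           // explicitly CA:FALSE
	}
	// Template used as its own parent => self-signed.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	return der, priv, nil
}

// ParseAndCheck parses the DER certificate and verifies that its signature
// was made by the key it carries. CheckSignatureFrom would reject a non-CA
// parent, so the raw TBS bytes are checked directly instead.
func ParseAndCheck(der []byte) (*x509.Certificate, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	if err := cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature); err != nil {
		return nil, fmt.Errorf("self-signature does not verify: %w", err)
	}
	return cert, nil
}

// EncodePEM returns the certificate and the PKCS#8 private key as PEM blocks,
// the formats most TLS servers and Gemini clients expect on disk.
func EncodePEM(der []byte, priv ed25519.PrivateKey) ([]byte, []byte, error) {
	keyDER, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return nil, nil, err
	}
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
	return certPEM, keyPEM, nil
}

func main() {
	host := "example.org" // placeholder hostname
	der, priv, err := GenerateEd25519Cert(host, 10*365*24*time.Hour)
	if err != nil {
		fmt.Fprintln(os.Stderr, "generate:", err)
		os.Exit(1)
	}
	cert, err := ParseAndCheck(der)
	if err != nil {
		fmt.Fprintln(os.Stderr, "check:", err)
		os.Exit(1)
	}
	certPEM, keyPEM, err := EncodePEM(der, priv)
	if err != nil {
		fmt.Fprintln(os.Stderr, "encode:", err)
		os.Exit(1)
	}
	// The key file is the TOFU identity of the server: keep it 0600.
	if err := os.WriteFile("cert.pem", certPEM, 0o644); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	if err := os.WriteFile("key.pem", keyPEM, 0o600); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("wrote cert.pem (%d bytes DER, %s) and key.pem for %s\n",
		len(der), cert.PublicKeyAlgorithm, cert.Subject.CommonName)
}
```

The DER size printed by `main` is what a Gemini client downloads during the handshake, so it is the number to compare against the 1247-byte mean above; the PEM file on disk is larger because of base64 and the header lines. Clients that pin certificates (TOFU) should store the certificate's fingerprint, not the PEM text, so that this size saving carries through to the trust store as well.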
Cheers,
Solderpunk