TLS certificate sizes in Geminispace
solderpunk
solderpunk at SDF.ORG
Sat Jun 27 09:59:10 BST 2020
----- Forwarded message from solderpunk <solderpunk at SDF.ORG> -----
Date: Fri, 26 Jun 2020 16:44:41 +0000
From: solderpunk <solderpunk at SDF.ORG>
To: Gemini application layer protocol <gemini at lists.orbitalfox.eu>
Subject: Re: TLS certificate sizes in Geminispace
On Fri, Jun 26, 2020 at 05:05:22PM +0200, Felix Queißner wrote:
> Using Kristall works and it's blazingly fast, seems to be a correct
> server configuration
Initially, I could not access cozylabs.eu using Bombadillo. Then I
upgraded my Golang version from 1.11 to 1.14 and rebuilt Bombadillo, and
now it works just fine. I have not tested it yet, but I presume that
exactly the same would be true of Amfora. I tried this after realising
that the crypto/ed25519 package only appeared in the Go standard library
with the 1.13 release (September last year).
I run Debian stable, famous for lagging behind the latest release of
everything. In this case, Debian stable was far enough behind on Go that
it meant Go-based clients wouldn't work with ED25519. After the *next*
Debian stable release, I imagine this will not be an issue. Already
with the current stable release, Python-based clients using Python's
OpenSSL binding work with ED25519 just fine. My tiny little ~100 line
Lua client also works just fine, although to be fair I may have pulled
in some Lua libraries from LuaRocks which are more up to date than what
Debian ships with.
Anyway, it seems to me that we're perhaps a year or so away from a
situation where even famously slow moving and outdated distributions can
handle these certs out-of-the-box with a majority of clients, so let's
look forward to that faster future.
In the meantime, folks who like to "live on the edge" can change earlier.
I will probably, contrary to my earlier claim, be a bit more
conservative with gemini.circumlunar.space, because that really ought to
be very widely accessible.
Also in the meantime, I encourage all authors of Gemini-related software
written in Go who distribute pre-compiled binaries to compile their
binaries with the latest version of Go they can.
Cheers,
Solderpunk
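
Added example, not part of the original message: a small Go check that the toolchain in use can create, parse and verify an Ed25519 certificate (this needs crypto/ed25519, in the standard library since Go 1.13), and how its DER size compares with an RSA-2048 one. The names newKey and CertInfo and the host name example.invalid are assumptions made for this sketch.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func newKey(kind string) (crypto.Signer, error) {
	if kind == "rsa" {
		return rsa.GenerateKey(rand.Reader, 2048)
	}
	_, k, err := ed25519.GenerateKey(rand.Reader) // stdlib package since Go 1.13
	return k, err
}

// CertInfo self-signs a throwaway cert, verifies it, and returns DER size and key algorithm.
func CertInfo(kind string) (int, string, error) {
	key, err := newKey(kind)
	if err != nil {
		return 0, "", err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example.invalid"}, // constructed name
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return 0, "", err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return 0, "", err
	}
	err = cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature)
	return len(der), cert.PublicKeyAlgorithm.String(), err
}

func main() {
	fmt.Println(CertInfo("ed25519"))
	fmt.Println(CertInfo("rsa"))
}
```

On a toolchain older than Go 1.13 this does not build, because the crypto/ed25519 import is missing from the standard library.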