Removing expiry dates for TOFU

[colecmac at protonmail.com]

Looks like it was a bad idea after all haha. I wasn't sure about it,
so thanks for showing some issues with it.

I will have to look at your USB example another time to understand it
fully, but it sounds interesting. Another optional security thing like
you explained with notaries?

> That said, for typical Gemini applications I don't think something like
> a three year key/cert lifespan is necessarily a big problem, and would
> certainly make TOFU issues less common. In principle it doesn't make
> much sense to rotate your TLS keys much more often than your server's
> SSH keys, and let's be honest: how often do most of us do that?

Maybe this is a better solution, everyone using longer term certs? It
still might not be enough though.

My thinking behind my original post was that the fewer valid reasons for
changing certs the better. If changing certs is very rare, then clients
can be more informative to the user, and say with more surety that there
is a MITM attack going on. How can we lessen the behaviour of just clicking
through any TOFU pop-up?

Thanks,
makeworld