Removing expiry dates for TOFU
colecmac at protonmail.com
Sun Jul 5 23:18:56 BST 2020
5 year certs sound like a good compromise to me. We can make client
messages sufficiently scary, seeing as a five year expiry will make
the TOFU issue somewhat rare. Will you set that as a default for your
cert tool then?
Do you agree with my original recommendation that clients should
auto-accept any cert once the old one has expired? This seems relevant
here. I think it's nice for UX, although I see the obvious security risk.
makeworld
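
The client-side decision this message asks about, sketched as an added example; it is not part of the original post and not taken from any Gemini client. The names `Pin`, `Decision` and `check`, the in-memory store and the SHA-256 fingerprint are assumptions made for illustration, and the certificate bytes are constructed.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum


class Decision(Enum):
    FIRST_USE = "no pin yet: pin this cert"
    MATCH = "cert matches the pin"
    REPLACED_AFTER_EXPIRY = "pinned cert expired: new cert accepted silently"
    MISMATCH = "pinned cert still valid but cert changed: warn the user"


@dataclass
class Pin:
    fingerprint: str      # hex SHA-256 of the certificate (assumed scheme)
    not_after: datetime   # expiry date recorded when the cert was pinned


def check(store: dict, host: str, cert_der: bytes,
          not_after: datetime, now: datetime) -> Decision:
    """TOFU check with the 'auto-accept after expiry' rule discussed above."""
    fp = hashlib.sha256(cert_der).hexdigest()
    pin = store.get(host)
    if pin is None:
        store[host] = Pin(fp, not_after)
        return Decision.FIRST_USE
    if pin.fingerprint == fp:
        return Decision.MATCH
    if now > pin.not_after:
        # The convenience and the risk are the same branch: once the old
        # cert has expired, whichever cert is presented first gets pinned,
        # with no user prompt and no link to the previous key.
        store[host] = Pin(fp, not_after)
        return Decision.REPLACED_AFTER_EXPIRY
    return Decision.MISMATCH


def utc(year: int) -> datetime:
    return datetime(year, 7, 5, tzinfo=timezone.utc)


if __name__ == "__main__":
    store = {}
    old, new = b"constructed-cert-A", b"constructed-cert-B"
    print(check(store, "example.org", old, utc(2025), utc(2020)))  # first visit
    print(check(store, "example.org", new, utc(2030), utc(2023)))  # changed early
    print(check(store, "example.org", new, utc(2030), utc(2026)))  # after expiry
```

With a five-year lifetime, the silent-replacement branch is reachable only once the pinned certificate's expiry date has passed; every earlier change lands in the warning branch.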