TLS certificate sizes in Geminispace

Petite Abeille petite.abeille at gmail.com
Thu Jul 9 17:29:16 BST 2020



> On Jun 26, 2020, at 15:56, solderpunk <solderpunk at SDF.ORG> wrote:
> 
> cozylabs.eu achieves this feat with a single self-signed ED25519
> certificate.

What is the consensus on those self-signed ED25519 certificates? Good? Bad? Ugly?

$ echo | openssl s_client -connect cozylabs.eu:1965 2>/dev/null | openssl x509 -outform der | wc -c
273

So, 273 bytes in DER format.

$ openssl s_client -quiet -crlf -connect cozylabs.eu:1965 <<< gemini://cozylabs.eu/ 2>/dev/null | wc -c
340

For 340 bytes of text/gemini content. 

Fair enough. (Ignoring all of the TCP overhead itself, as pointed out by Sean [1]).

> Unfortunately making this kind of cert with the `openssl` tool is not as straightforward as other options.  

$ openssl version
OpenSSL 1.1.1g  21 Apr 2020

$ openssl req -new -newkey ed25519 -nodes -keyout key.pem -x509 -days 36500 -subj / -outform der | wc -c
282

282 bytes versus 273 bytes for cozylabs.eu.

Doesn't seem to be that bad. Perhaps I missed something :)


[1] https://lists.orbitalfox.eu/archives/gemini/2020/001958.html
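
An added example, not part of the original message or of OpenSSL: a small DER builder and walker that accounts for where the bytes of an Ed25519 certificate go. It assumes the layout that OpenSSL 1.1.1's stock configuration typically gives the `openssl req` command above (v3, 20-byte serial, empty issuer and subject, notAfter past 2049, subjectKeyIdentifier, authorityKeyIdentifier and critical basicConstraints); the key, signature, serial, key-id and date bytes are constructed placeholders, and all function names are hypothetical.

```python
# Added example: DER size accounting; all key/signature/serial/date bytes are constructed.

def tlv(tag, body):
    """Encode one DER element: tag byte, definite length, content."""
    n = len(body)
    if n < 0x80:
        head = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def children(body):
    """Split DER content into (tag, content, encoded_size) per element."""
    out, i = [], 0
    while i < len(body):
        n, j = body[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            k = n & 0x7F
            n, j = int.from_bytes(body[j:j + k], "big"), j + k
        out.append((body[i], body[j:j + n], j + n - i))
        i = j + n
    return out

ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2b6570")))  # id-Ed25519, OID 1.3.101.112
def ext(oid_hex, value, critical=b""):
    return tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + critical + tlv(0x04, value))

def sample_cert():
    """Assumed layout: v3, 20-byte serial, empty names, three extensions."""
    exts = (ext("551d0e", tlv(0x04, bytes(20)))                  # subjectKeyIdentifier
            + ext("551d23", tlv(0x30, tlv(0x80, bytes(20))))     # authorityKeyIdentifier
            + ext("551d13", tlv(0x30, tlv(0x01, b"\xff")), tlv(0x01, b"\xff")))  # CA:TRUE
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01" * 20) + ALG
           + tlv(0x30, b"")                                      # issuer (empty)
           + tlv(0x30, tlv(0x17, b"200101000000Z") + tlv(0x18, b"21200101000000Z"))
           + tlv(0x30, b"")                                      # subject (empty)
           + tlv(0x30, ALG + tlv(0x03, b"\x00" + bytes(32)))     # 32-byte public key
           + tlv(0xA3, tlv(0x30, exts)))
    return tlv(0x30, tlv(0x30, tbs) + ALG + tlv(0x03, b"\x00" + bytes(64)))  # 64-byte sig

def breakdown(cert):
    """Return encoded sizes of the certificate and its parts, in bytes."""
    ((_, outer, total),) = children(cert)
    (_, tbs, tbs_size), (_, _, alg_size), (_, _, sig_size) = children(outer)
    names = ["version", "serial", "signature", "issuer", "validity", "subject", "spki", "extensions"]
    sizes = {name: size for name, (_, _, size) in zip(names, children(tbs))}
    return {"total": total, "tbs": tbs_size, "sigAlg": alg_size, "sigValue": sig_size, **sizes}

if __name__ == "__main__": print(breakdown(sample_cert()))
```

Under the assumed layout the total is 282 bytes, of which 96 are the raw public key and signature and 85 are the three extensions.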


