On certificates and validation
Drew DeVault
sir at cmpwn.com
Wed Nov 25 13:22:38 GMT 2020
Something worth mentioning is that the reason I discourage the use of
CAs and encourage some baseline sanity checks on certificate validity is
because I don't expect sysadmins to be handling certificates at all.
Certificates are annoying and easily fucked up. That easily-fucked-up
bit is probably why you're hand-wringing over whether or not to accept
invalid certificates. However, with TOFU, there's no reason for
sysadmins to generate their own certificates at all. My server software
(gmnisrv) handles certificate generation and rotation entirely
automatically, without any help from the sysadmin whatsoever. They
cannot make a mistake because the software does it for them, and the
software does it correctly.
With a TOFU system like Gemini, there's no reason whatsoever that we
should bring along the legacy nonsense of certificate authorities and
manual human-operated certificate maintenance.