On certificates and validation

Drew DeVault sir at cmpwn.com
Thu Nov 26 18:42:36 GMT 2020


On Thu Nov 26, 2020 at 1:41 PM EST, Michael Lazar wrote:
> Now you're talking about CA verified certificates. There's nothing
> wrong with using self-signed CAs, but it's a completely different
> security model than TOFU and shouldn't be confused with it.

Mostly correct. What we have is TOFU on top of TLS, not just TOFU. And
because these parameters are present, it's likely that someone may rely
on them. And if they do, and put their personal security on the line for
it, then we can hardly call that a mistake.

Gemini uses TLS. That comes with warts. That's life.

