Does TOFU actually work?

Emilis emilis at emilis.net
Sat Nov 28 18:13:02 GMT 2020


It seems there also is an issue with my browser's UI: the warning color 
on the security icon matched the primary color of the built-in theme I 
am using:

https://github.com/skyjake/lagrange/issues/72#issuecomment-735268218

I didn't notice that Lagrange was actually warning me about the changed 
certificate.


Gemini spec says (4.2):

> If the certificate is not the one previously received, but the
> previous certificate's expiry date has not passed, the user is shown a
> warning, analogous to the one web browser users are shown when receiving
> a certificate without a signature chain leading to a trusted CA.

I think we would all benefit if someone went through the known browsers, 
checked how they implement this and published the results.

--
Emilis Dambauskas
gemini://tilde.team/~emilis/
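
Added example, not part of the original message and not code from Lagrange or any other Gemini client: a reference decision function for the section 4.2 rule quoted above, which a client's behaviour can be compared against. The names (tofu_check, Pin, Verdict), the SHA-256 fingerprint and the silent re-pin once the old certificate has expired are assumptions; the certificate bytes are constructed placeholders, not real DER.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum


class Verdict(Enum):
    FIRST_USE = "first use: pin silently"
    MATCH = "same certificate: proceed"
    WARN = "changed before old expiry: warn the user"
    REPIN = "changed after old expiry: pin the new one"


@dataclass
class Pin:
    fingerprint: str     # assumption: SHA-256 over the certificate bytes
    not_after: datetime  # expiry date of the pinned certificate


def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


def tofu_check(store, host, der, not_after, now):
    """Classify one connection and update the pin store (a dict)."""
    seen = fingerprint(der)
    pin = store.get(host)
    if pin is None:
        store[host] = Pin(seen, not_after)
        return Verdict.FIRST_USE
    if pin.fingerprint == seen:
        return Verdict.MATCH
    if now <= pin.not_after:
        # The quoted case: the old pin is kept until the user decides.
        return Verdict.WARN
    store[host] = Pin(seen, not_after)  # assumption: re-pin without a prompt
    return Verdict.REPIN


def demo():
    """Run the four cases on constructed data; returns the verdict names."""
    utc = timezone.utc
    exp_a, exp_b = datetime(2021, 1, 1, tzinfo=utc), datetime(2022, 1, 1, tzinfo=utc)
    store, host = {}, "example.org"
    steps = [(b"cert-A", exp_a, datetime(2020, 11, 1, tzinfo=utc)),
             (b"cert-A", exp_a, datetime(2020, 11, 2, tzinfo=utc)),
             (b"cert-B", exp_b, datetime(2020, 11, 28, tzinfo=utc)),
             (b"cert-B", exp_b, datetime(2021, 2, 1, tzinfo=utc))]
    return [tofu_check(store, host, *s).name for s in steps]
```

A client under test should surface the WARN case in a way the user cannot miss, whatever theme is active.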


