[ANN] A Gemini crawler, for statistics about the geminispace
Stephane Bortzmeyer
stephane at sources.org
Sat Dec 19 19:18:10 GMT 2020
On Sat, Dec 19, 2020 at 07:55:05PM +0100, Solderpunk <solderpunk at posteo.net> wrote a message of 22 lines which said:
> I'd also like to know about self-signed certificates,
I'm not expert enough on X.509 but do note that the obvious algorithm
to detect self-signed certificates (checking that issuer == subject)
does not work well in the geminispace where many certs are signed
by... someone (not a known CA but not the subject).
> But I know this information is *not* easy to get at in Python
> without external dependencies,
Most of it is easy to get
<https://framagit.org/bortzmeyer/lupa/-/issues/7>
> I have plans to write a certificate observatory daemon in 2021, with
> a simple Gemini interface so that TOFU clients can query it
> regarding new certs.
If it is just for surveying, fine. If it is to turn it into a security
system, be careful, there are many traps. Who can put new
certificates, how to be sure that clients will check it, etc.
gemini://gemini.bortzmeyer.org/rfc-mirror/rfc6962.txt
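
Added example, not part of the original message or of the lupa crawler: it separates the name comparison (issuer == subject) from the cryptographic check that the certificate's signature verifies under its own public key. It assumes the third-party `cryptography` package; the certificates are constructed test data and the function names are hypothetical.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa
from cryptography.x509.oid import NameOID


def new_key():
    return ec.generate_private_key(ec.SECP256R1())


def make_cert(subject_cn, issuer_cn, subject_key, signing_key):
    """Build a constructed test certificate (sample data, not a real capsule's)."""
    def name(cn):
        return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    start = datetime.datetime(2020, 12, 19)
    return (x509.CertificateBuilder()
            .subject_name(name(subject_cn)).issuer_name(name(issuer_cn))
            .public_key(subject_key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(start)
            .not_valid_after(start + datetime.timedelta(days=365))
            .sign(signing_key, hashes.SHA256()))


def inspect_cert(cert):
    """Return (names_match, signed_by_own_key) for an x509.Certificate."""
    pub, algo = cert.public_key(), cert.signature_hash_algorithm
    tbs, sig = cert.tbs_certificate_bytes, cert.signature
    try:
        if isinstance(pub, rsa.RSAPublicKey):
            pub.verify(sig, tbs, padding.PKCS1v15(), algo)
        elif isinstance(pub, ec.EllipticCurvePublicKey):
            pub.verify(sig, tbs, ec.ECDSA(algo))
        else:
            pub.verify(sig, tbs)  # Ed25519 / Ed448 take no hash argument
        own_key = True
    except (InvalidSignature, TypeError, ValueError):
        own_key = False  # signature was not made by the certificate's own key
    return cert.issuer == cert.subject, own_key


def demo():
    k1, k2 = new_key(), new_key()
    cases = {"self-signed": ("a.example", "a.example", k1, k1),
             "signed by someone else": ("a.example", "Someone", k1, k2),
             "same names, other key": ("a.example", "a.example", k1, k2),
             "own key, other issuer name": ("a.example", "Someone", k1, k1)}
    return {label: inspect_cert(make_cert(*args)) for label, args in cases.items()}
```

The last two cases are the ones a name-only comparison gets wrong: matching names without a self-signature, and a self-signature hidden behind a different issuer name.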