[spec] The updated speculative specification is now up

Benjamin Cronin bcronin720 at gmail.com
Fri Apr 9 03:05:56 BST 2021

Previous message (by thread): [spec] The updated speculative specification is now up
Next message (by thread): [spec] The updated speculative specification is now up
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Perhaps it could mention something about published vulnerabilities or
crackability with consumer hardware, as a response to the [by whom?] that
nervuri mentions here.
I think library support is also important to make sure that any
implementations are done well and that people aren't trying to rush a
standard without proper support, leading to more bugs and opportunities for
malicious attacks.
- Entflammen

On Thu, Apr 8, 2021 at 4:00 PM <text at sdfeu.org> wrote:

> On Thu, 08 Apr 2021 16:59:31 +0000, nervuri wrote:
>
> > On Wed, 2021-04-07, Sean Conner wrote:
> >> Also, stats [1] show that some 21% of Gemini sites still use TLS 1.2.
> >> Personally, I think that once this falls below 5% (or greater than 95%
> >> of all sites support TLS 1.3) we can revisit this decision.
> >
> > Also, if the actual blocker is the percentage of servers and clients
> > supporting TLS 1.3, then that's what the specification should say,
> > rather than referring to libraries.  It can be vague, like:
> >
> >   TLS 1.2 is reluctantly permitted until TLS 1.3 support is more
> >   widespread among Gemini servers and clients.
> >   The minimum required TLS version is 1.2,
> >   but clients who wish to be "ahead of the curve" MAY
> >   refuse to connect to servers using TLS version 1.2.
>
> Could we even formulate without specifying version numbers, not knowing
> which version Gemini should be using in like a decade?  Somewhat along:
>
> Servers and clients must use TLS. The current (stable) TLS version should
> be supported; the next lower version may be supported as long as
>   a) this lower version is not [commonly] considered insecure [by whom?]
>      and
>   b) the majority of [common] TLS libraries do not [yet] support the
>      current TLS version in the libraries' stable versions.
>
> Not too sure about a) and the "common" parts, though.
>
> Thx
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.orbitalfox.eu/archives/gemini/attachments/20210408/ad61caec/attachment.htm>

Previous message (by thread): [spec] The updated speculative specification is now up
Next message (by thread): [spec] The updated speculative specification is now up
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Gemini mailing list