[spec] Oustanding issues

Stephane Bortzmeyer stephane at sources.org
Wed Jan 6 08:25:59 GMT 2021


On Tue, Jan 05, 2021 at 03:17:00PM -0500,
 Gary Johnson <lambdatronic at disroot.org> wrote 
 a message of 89 lines which said:

> 1. What are the valid/invalid/recommended values for CN, SAN, and
>    expiration dates in certificates in the context of TOFU?

Also, regarding TOFU (probably the worst part of the current
specification), there are many other clarifications requested:

* should the client consider the whole certificate or just the public
key? The spec says the whole certificate but I don't see the point if
the rest of the certificate is not used.
* interactions between TOFU and valid certificates. For instance,
should a client disable TOFU when the certificate is valid?
* rewrite the sentence "the previous certificate's expiry date has not
passed" because you don't renew a certificate when it is expired, but
a few days/weeks before.

> 2. Client use of URL fragments (jump to heading, full text search, etc.)

There are actually two separate issues with fragments:

* Behavior during redirection
* Semantics for text/gemini



More information about the Gemini mailing list