[spec] Outstanding issues

Stephane Bortzmeyer stephane at sources.org
Tue Jan 12 13:09:56 GMT 2021


On Mon, Jan 11, 2021 at 02:47:40PM -0500,
 easrng <easrng at gmail.com> wrote 
 a message of 12 lines which said:

> I think I would handle certs a few different ways. [...] If the
> certificate was valid and trusted by the CAs installed, I would also
> accept it, even if that means overwriting an earlier TOFU
> entry. Otherwise, I would handle them like SSH handles keys, by
> asking the user on the first connection if the certificate is
> trusted.

It seems a reasonable choice. (Except that "asking the user [...] if
the certificate is trusted" is just playing with words: unlike SSH,
the user has zero knowledge of the remote server and cannot assess the
certificate.) I like the way it deals with the coexistence X.509/TOFU.

> First, if it was tunneled over a protocol that is already encrypted
> (ex. Tor), I'd accept any certificate, because TLS would be
> redundant,

Depending on how the client and the server are run, they may not know
if they use Tor or not. Think SOCKS and stuff like that.
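The certificate policy quoted above (a CA-valid certificate is accepted and may overwrite an earlier TOFU entry, anything else is handled SSH-style on first use), written out as an added Python example that is not code from the thread or from any Gemini client. Assumptions: `ca_valid` is the result of the TLS library's normal chain and hostname validation, all function and variable names are hypothetical, and rejecting a changed certificate that is not CA-valid mirrors SSH because the message does not say what happens in that case.

```python
import hashlib
from enum import Enum


class Decision(Enum):
    ACCEPT = "accept"
    PROMPT = "prompt"   # first contact without a CA-valid chain: ask the user
    REJECT = "reject"   # assumption: pin mismatch without a CA-valid chain


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER certificate, used as the TOFU pin."""
    return hashlib.sha256(cert_der).hexdigest()


def decide(host: str, cert_der: bytes, ca_valid: bool, pins: dict) -> Decision:
    """Apply the quoted policy. `pins` maps host -> pinned fingerprint."""
    fp = fingerprint(cert_der)
    if ca_valid:
        # CA-valid certificates win, even over an earlier TOFU entry.
        pins[host] = fp
        return Decision.ACCEPT
    pinned = pins.get(host)
    if pinned is None:
        # Nothing is stored yet: the pin is only written after the user agrees.
        return Decision.PROMPT
    return Decision.ACCEPT if pinned == fp else Decision.REJECT


def confirm_first_use(host: str, cert_der: bytes, pins: dict) -> None:
    """Record the pin once the user has answered the first-use prompt."""
    pins[host] = fingerprint(cert_der)


if __name__ == "__main__":
    # Constructed sample data: stand-ins for DER bytes, not real certificates.
    store = {}
    self_signed, replacement = b"constructed-cert-A", b"constructed-cert-B"
    print(decide("example.org", self_signed, False, store))   # first contact
    confirm_first_use("example.org", self_signed, store)
    print(decide("example.org", self_signed, False, store))   # pin matches
    print(decide("example.org", replacement, False, store))   # pin changed
    print(decide("example.org", replacement, True, store))    # CA-valid wins
```
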


