[spec] Certificate trust
come at chilliet.eu
Mon Mar 1 10:44:06 GMT 2021
On Monday 1 March 2021, 10:42:15 CET cas wrote:
> No need to do manual/extra DNS queries to verify certificates via DANE.
> GnuTLS has DANE validation built in
> and OpenSSL has that as well
This is great news, but on another subthread Stephane said:
> This is certainly the best solution, technically
> speaking. Unfortunately, adding DANE support to your Gemini client
> typically requires some effort, the existing libraries are typically
> not sufficient. (Full disclosure: I did not even add DANE support to
> my own Gemini client, despite the fact I'm strongly pro-DANE.)
Who is right?
I would feel really comfortable building on an existing block like DANE as this way there is a lot more chance to see libraries supporting it than if we use something Gemini-specific.