Updated recommendations regarding TOFU & TLS

Petite Abeille petite.abeille at gmail.com
Thu Mar 4 17:43:03 GMT 2021



> On Mar 4, 2021, at 18:36, Drew DeVault <sir at cmpwn.com> wrote:
> 
> The server generates a certificate and it just works. This is much easier.

True. Especially because no one verifies the resulting certificate at all. Easy-peasy indeed.

Actually, one could not bother at all as there is no chain of trust to speak of. Even easier.

What's the point? Honest question.

What's the [threat|trust|usage] model?

https://en.wikipedia.org/wiki/Threat_model

±0¢


