Updated recommendations regarding TOFU & TLS

Petite Abeille petite.abeille at gmail.com
Thu Mar 4 23:25:52 GMT 2021

> On Mar 5, 2021, at 00:13, Phil Leblanc <philanc at gmail.com> wrote:
> On Thu, Mar 4, 2021 at 11:05 PM Petite Abeille <petite.abeille at gmail.com> wrote:
>>> so, "Petite Abeille" sounds more positive to me :-)
>> An apiculturists' commune this is not.
> Right. What an amazing thread...

You are not saying :P

> Anyway, thanks to Drew DeVault for his TOFU/TLS recommendations. I am
> not sure any of the 36+ following replies related to it - but I may
> have missed some :-)

Not really, no. Mostly pest control. Go figure.

That said, I still don't get the TOFU usage model in the context of Gemini... not that I necessarily need to understand it to have a good night's sleep, but still... out of curiosity...

In ssh, I know the host, therefore I trust the key. Plus, this happens only every blue moon. No-brainer.

Not so in the wild-wild Gemini space.

Infinite number of esoteric, fly-by-night operators.

All harmless for sure, but still.

What's the trust model, if any?

Or is it more like Trust-And-Pray (TAP)?

In which case, why bother? Just ignore all certificates and be merry.

This is what a Little Bee impersonator had to say on GitLab:

Trust on first use (TOFU) is akin to unprotected intercourse: you must trust your partner to keep Gonorrhea at bay.

No trust, no use.


It was not well received, needless to say. 

That much is clear.

