The protection offered by TLS in a TOFU scheme

Björn Wärmedal bjorn.warmedal at
Fri Mar 5 11:02:20 GMT 2021

> It's my opinion that the easiest course of action is to ignore the TOFU problematic altogether — and blindly use TLS for transmission security only.
> TOFU doesn't seem to be a good operational fit for Gemini.
> Developing a whole new trust model to support it is beyond the scope of the Gemini protocol — in my view.
> The easiest win would be to stick to just plain TLS — and call it a day.

An absolutely valid opinion. Just accept any cert and go. Any client
developer out there can already do that, of course (and any automated
clients have to, in the current state of affairs).

Another option is to stick with CAs, which all(?) TLS libraries do by
default. Also a valid opinion.

I personally like TOFU, but it's proven to be very, very hard to
communicate to implementers and server operators what TOFU means for

Basically, in my opinion, all these three options have merits and
flaws and I'd be okay with any of them as the final choice.

