Enhancing TOFU

Stephane Bortzmeyer stephane at sources.org
Mon Mar 8 12:23:11 GMT 2021


On Fri, Mar 05, 2021 at 01:33:49PM +0100,
 nothien at uber.space <nothien at uber.space> wrote 
 a message of 44 lines which said:

> I propose an extension to this, which allows servers to announce
> their intention (in a verifiable way) to change certificates in the
> near future.

Gemini already has one way to announce this intention. To quote the
spec, "If the certificate is not the one previously received, BUT THE
PREVIOUS CERTIFICATE'S EXPIRY DATE HAS NOT PASSED, the user is shown a
warning". So, to announce your intention to change the certificate,
just say so in the expiration date (notAfter field).

Agunua <gemini://gemini.bortzmeyer.org/software/agunua/> does it in a
more liberal way, accepting a change if there is less than 10 % of the
former certificate life remaining:

# We accept a slack of 10 % of the certificate lifetime, or 7 days, whatever is smaller.
slack = old_lifetime/10
if datetime.timedelta(days=7) < old_lifetime/10:
    slack = datetime.timedelta(days=7)
if self.keystring != old_key:
    if datetime.datetime.utcnow() >= (old_expiration - slack):
          pass # OK, it is expired or soon to be
    else:
          error = "Former public key at %s was %s, new one is %s. ...
	  


More information about the Gemini mailing list