[spec] The updated speculative specification is now up
bcronin720 at gmail.com
Fri Apr 9 03:05:56 BST 2021
Perhaps it could mention something about published vulnerabilities or
crackability with consumer hardware, as a response to the [by whom?] that
nervuri mentions here.
I think library support is also important to make sure that any
implementations are done well and that people aren't trying to rush a
standard without proper support, leading to more bugs and opportunities for
On Thu, Apr 8, 2021 at 4:00 PM <text at sdfeu.org> wrote:
> On Thu, 08 Apr 2021 16:59:31 +0000, nervuri wrote:
> > On Wed, 2021-04-07, Sean Conner wrote:
> >> Also, stats show that some 21% of Gemini sites still use TLS 1.2.
> >> Personally, I think that once this falls below 5% (or greater than 95%
> >> of all sites support TLS 1.3) we can revisit this decision.
> > Also, if the actual blocker is the percentage of servers and clients
> > supporting TLS 1.3, then that's what the specification should say,
> > rather than referring to libraries. It can be vague, like:
> > TLS 1.2 is reluctantly permitted until TLS 1.3 support is more
> > widespread among Gemini servers and clients.
> > The minimum required TLS version is 1.2,
> > but clients who wish to be "ahead of the curve" MAY
> > refuse to connect to servers using TLS version 1.2.
> Could we even formulate without specifying version numbers, not knowing
> which version Gemini should be using in like a decade? Somewhat along:
> Servers and clients must use TLS. The current (stable) TLS version should
> be supported; the next lower version may be supported as long as
> a) this lower version is not [commonly] considered insecure [by whom?]
> b) the majority of [common] TLS libraries do not [yet] support the
> current TLS version in the libraries' stable versions.
> Not too sure about a) and the "common" parts, though.