Re: Certificate renewal under TOFU?

Message headers

From: tpt <Rajoduo@yahoo.com>

Subject: Re: Certificate renewal under TOFU?

Date: Tue, 21 Jun 2022 09:44:53 +0200

Message-ID: <t8rstm$3mo$1@gioia.aioe.org>

Message content

On 18-Jun-22 20:24, danrl wrote:

On 2022-06-02, mbays@sdf.org <mbays@sdf.org> wrote:
> gemini://gemini.thegonz.net/certRecs.gmi

>

This is very helpful. Thank you.

>

Although long validity times for certs make me uneasy when there is no
revocation lists, which brings us back to either PKI or DANE. Both seem better
suited for the job than TOFU to me. Luckily, we can combine them (somewhat).

Hypothetically speaking, what would be the arguments against using DANE

for Gemini? On first glance it seems like a perfect thing for the job.

Related

Parent:

Re: Certificate renewal under TOFU? (by danrl <d@x.gl> on Sat, 18 Jun 2022 18:24:33 -0000 (UTC))

Start of thread:

Certificate renewal under TOFU? (by danrl <d@x.gl> on Mon, 30 May 2022 03:31:15 -0000 (UTC))

Children:

Re: Certificate renewal under TOFU? (by Matthew Ernisse <matt@going-flying.com> on Thu, 23 Jun 2022 12:34:55 -0000 (UTC))