Comment by ๐ฆ zzo38
Re: "TLS Questions: CAs and Tofu"
There are a few things that can be done. One is to ensure that you can view the certificate (and the hash of the certificate), in case you want to verify it independently. Another (a bit more complicated, but possible) is to use an extension that indicates that one certificate supersedes another; both the old and new certificate need to have this extension and the same root certificate in order for this to work, though; if the root certificate also changes then it must be verified independently like I had previously mentioned.
DANE is also good to have, although it will not be secure unless the DNS is secure.
You can still have multiple methods and configuration options if you want to, or omit some for a simpler implementation if you do not need all of them.
I think it is reasonable to make the security icon to indicate which kind of certificate validation is being used; in addition to TOFU, PKI, and DANE, there might also be one that specifies matching a exact certificate specified by the user for that domain.
Using TOFU only for self-signed certificates will not work if they have a self-signed root certificate which is used to issue another one to themself (there are some reasons to do this). If the icon is used to indicate the security type, then you could do use TOFU if none of the certificates in the chain is known and PKI and DANE are not available (or are disabled by the user), and the icon indicates this. Due to possibility of reassignment of domain names, you might want to use TOFU even if DANE is available (which might be configurable by the end user; DANE will then be used together with TOFU).
Feb 24 ยท 2 months ago
1 Later Comment
@zzo38: I have a pop-up on the icon with various security details. And the algorithm is like here:
โ bbs.geminispace.org/s/Gemini/26311
I think re-signing with TOFU _is_ handled since it uses the root signing key in the Trust Anchor hash.
There are many rough edges on the UI side though, like overriding trust is manual and for some cases impossible :/
Original Post
TLS Questions: CAs and Tofu โ I'm working on a Gemini client (cuz we clearly don't have enough) and have a few questions regarding TLS: First, how common are CA signed certificates in the Gemini verse? My understanding is that most servers use self signed certificates nowadays. Second, for TOFU, is there any problem of accepting a certificate different from the one that was first seen, but provides the same public key (and therefore was signed by the same private key)? I want to say no, and...