[users] Announcing Gemini Discovery at gemini://discovery.geminiprotocol.com/
- 📧 Messages: 6
- 🗣️ Authors: 4
- 📅 First Message: 2021-03-16 01:00
- 📅 Last Message: 2021-03-16 10:40
1. Nathan Galt (mailinglists (a) ngalt.com)
- 📅 Sent: 2021-03-16 01:00
- 📧 Message 1 of 6
Gemini Discovery is now up and running. In a nutshell, it's a directory of
search engines and directories. It's available at:
gemini://discovery.geminiprotocol.com/
It mostly serves two audiences:
* people who want to find new/updated things on Gemini
* people who want other people to be able to find their (new) capsules
If you'd like a page that links to most of the gemini-discovery services
out there, check it out.
Link to individual message.
2. Omar Polo (op (a) omarpolo.com)
- Subject Changed! New Subject: Re: [users] Announcing Gemini Discovery at gemini://discovery.geminiprotocol.com/
- 📅 Sent: 2021-03-16 10:07
- 📧 Message 2 of 6
Nathan Galt <mailinglists@ngalt.com> writes:
> Gemini Discovery is now up and running. In a nutshell, it's a directory
of search engines and directories. It's available at:
>
> gemini://discovery.geminiprotocol.com/
>
> It mostly serves two audiences:
>
> * people who want to find new/updated things on Gemini
> * people who want other people to be able to find their (new) capsules
>
> If you'd like a page that links to most of the gemini-discovery services
out there, check it out.
I'm not able to load the page on any clients (porcelain, lagrange,
tinmop & my secret little project) on OpenBSD. All of them complains
about a failure during the handshake :/
Link to individual message.
3. Stephane Bortzmeyer (stephane (a) sources.org)
- 📅 Sent: 2021-03-16 10:21
- 📧 Message 3 of 6
On Tue, Mar 16, 2021 at 11:07:35AM +0100,
Omar Polo <op@omarpolo.com> wrote
a message of 17 lines which said:
> I'm not able to load the page on any clients (porcelain, lagrange,
> tinmop & my secret little project) on OpenBSD. All of them complains
> about a failure during the handshake :/
No problem with Lagrange or Amfora here. gnutls-cli shows no TLS
issue:
% gnutls-cli --insecure -p 1965 discovery.geminiprotocol.com
Processed 0 CA certificate(s).
Resolving 'discovery.geminiprotocol.com:1965'...
Connecting to '95.217.134.139:1965'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `EMAIL=admin@geminiprotocol.com,CN=discovery.geminiprotocol.com,
C=se', issuer
`EMAIL=admin@geminiprotocol.com,CN=discovery.geminiprotocol.com,C=se',
serial 0x4c149bab68907b80691f37bbfae5c30ef6a6ae6d, EdDSA (Ed25519) key 256
bits, signed using EdDSA-Ed25519, activated `2021-03-14 18:03:31 UTC',
expires `2040-12-31 18:03:31 UTC',
pin-sha256="wPXjqjkOcGyL4cY7RGy4ctMLDZfxfTXxgHkKQY9A+bc="
Public Key ID:
sha1:a105e4d487cbef2db156c4cb5413e27382b2b1fd
sha256:c0f5e3aa390e706c8be1c63b446cb872d30b0d97f17d35f180790a418f40f9b7
Public Key PIN:
pin-sha256:wPXjqjkOcGyL4cY7RGy4ctMLDZfxfTXxgHkKQY9A+bc=
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
- Successfully sent 0 certificate(s) to server.
- Description: (TLS1.2-X.509)-(ECDHE-X25519)-(EdDSA-Ed25519)-(AES-256-GCM)
- Session ID:
F8:63:9A:89:C8:0B:8A:C7:58:15:8F:74:23:00:95:A5:67:D8:F8:FE:5F:40:FD:4F:8A:
4B:AE:31:44:31:23:D6
- Options: extended master secret, safe renegotiation,
- Handshake was completed
Link to individual message.
4. Katarina Eriksson (gmym (a) coopdot.com)
- 📅 Sent: 2021-03-16 10:27
- 📧 Message 4 of 6
Omar Polo <op@omarpolo.com> wrote:
Nathan Galt <mailinglists@ngalt.com> writes:
> Gemini Discovery is now up and running. In a nutshell, it's a directory
of search engines and directories. It's available at:
>
> gemini://discovery.geminiprotocol.com/
> I'm not able to load the page on any clients (porcelain, lagrange,
> tinmop & my secret little project) on OpenBSD. All of them complains
> about a failure during the handshake :/
I'm doing the hosting and will respond to you off list for troubleshooting.
--
Katarina
Link to individual message.
5. Omar Polo (op (a) omarpolo.com)
- 📅 Sent: 2021-03-16 10:30
- 📧 Message 5 of 6
Stephane Bortzmeyer <stephane@sources.org> writes:
> On Tue, Mar 16, 2021 at 11:07:35AM +0100,
> Omar Polo <op@omarpolo.com> wrote
> a message of 17 lines which said:
>
>> I'm not able to load the page on any clients (porcelain, lagrange,
>> tinmop & my secret little project) on OpenBSD. All of them complains
>> about a failure during the handshake :/
>
> No problem with Lagrange or Amfora here. gnutls-cli shows no TLS
> issue:
>
> % gnutls-cli --insecure -p 1965 discovery.geminiprotocol.com
> Processed 0 CA certificate(s).
> Resolving 'discovery.geminiprotocol.com:1965'...
> Connecting to '95.217.134.139:1965'...
> - Certificate type: X.509
> - Got a certificate list of 1 certificates.
> - Certificate[0] info:
> - subject
`EMAIL=admin@geminiprotocol.com,CN=discovery.geminiprotocol.com,C=se',
issuer `EMAIL=admin@geminiprotocol.com,CN=discovery.geminiprotocol.com,C=se
', serial 0x4c149bab68907b80691f37bbfae5c30ef6a6ae6d, EdDSA (Ed25519) key
256 bits, signed using EdDSA-Ed25519, activated `2021-03-14 18:03:31 UTC',
expires `2040-12-31 18:03:31 UTC',
pin-sha256="wPXjqjkOcGyL4cY7RGy4ctMLDZfxfTXxgHkKQY9A+bc="
not a tls experts, but I think my issues are caused by the ed25519 key.
I recall reading something that libressl don't support those keys yet
(please correct me if I'm wrong)
; nc -c -Tnoverify discovery.geminiprotocol.com 1965
nc: tls handshake failed (handshake failed: error:1404B410:SSL
routines:ST_CONNECT:sslv3 alert handshake failure)
> Public Key ID:
> sha1:a105e4d487cbef2db156c4cb5413e27382b2b1fd
> sha256:c0f5e3aa390e706c8be1c63b446cb872d30b0d97f17d35f180790a418f40f9b7
> Public Key PIN:
> pin-sha256:wPXjqjkOcGyL4cY7RGy4ctMLDZfxfTXxgHkKQY9A+bc=
>
> - Status: The certificate is NOT trusted. The certificate issuer is unknown.
> *** PKI verification of server certificate failed...
> - Successfully sent 0 certificate(s) to server.
> - Description: (TLS1.2-X.509)-(ECDHE-X25519)-(EdDSA-Ed25519)-(AES-256-GCM)
> - Session ID:
F8:63:9A:89:C8:0B:8A:C7:58:15:8F:74:23:00:95:A5:67:D8:F8:FE:5F:40:FD:4F:8A:
4B:AE:31:44:31:23:D6
> - Options: extended master secret, safe renegotiation,
> - Handshake was completed
Link to individual message.
6. Stephane Bortzmeyer (stephane (a) sources.org)
- 📅 Sent: 2021-03-16 10:40
- 📧 Message 6 of 6
On Tue, Mar 16, 2021 at 11:30:14AM +0100,
Omar Polo <op@omarpolo.com> wrote
a message of 44 lines which said:
> not a tls experts, but I think my issues are caused by the ed25519 key.
> I recall reading something that libressl don't support those keys yet
If so, this is certainly a serious problem with LibreSSL. RFC 8410,
which added these keys in certificates, is already 2.5 years old.
According to Lupa
<gemini://gemini.bortzmeyer.org/software/lupa/stats.gmi>, 8 capsules
use this type of key. Can you connect to them:
name | lastsuccessfulconnect | certalgorithm
-----------------------+----------------------------+---------------
lord.re | 2021-03-16 07:45:22.190857 | ED25519
tdem.in | 2021-03-14 19:06:25.216331 | ED25519
erion.cf | 2021-03-13 09:00:36.070426 | ED25519
fern91.com | 2021-03-13 07:28:30.499848 | ED25519
gemini.eletrotupi.com | 2021-03-13 05:55:16.892495 | ED25519
earnestma.xyz | 2021-03-10 14:27:00.991546 | ED25519
antonmcclure.com | 2021-03-09 19:22:56.702628 | ED25519
cfdocs.wetterberg.nu | 2021-03-06 09:38:35.085335 | ED25519
Link to individual message.
---
Previous Thread: SDF has set up Gemini service for its MetaARPA users
Next Thread: [tech] LibreSSL and ed25519 (Re: [users] Announcing Gemini Discovery at gemini://discovery.geminiprotocol.com/)