I may have stumbled on a solution to the long-standing trust-on-first-use problem. Give it a read and share your thoughts:


@tomasino Great idea, I see no technical problems in it, except for diminishing the ease of implementing a client. And then maybe a standardized TXT record would be better, because making it a standardised field like the SSHFP fields is a big job. Kind of like getting the gemini:// protocol registered. It'll come, but... time. POC can be done with TXT records.

@tomasino you may want to read the thread "Certificate trust" on the Gemini mailing list archive

There is already DANE to associate certificates with DNS entries for authentication.

@solene aha, fantastic! Same thing then! DNS to the rescue (said no one ever)
