I may have stumbled on a solution to the long-standing #gemini trust-on-first-use problem. Give it a read and share your thoughts:
@tomasino Great idea, I see no technical problems in it, except for diminishing the ease of implementing a client. And then maybe a standardized TXT record would be better, because making it a standardised field like the SSHFP fields is a big job. Kind of like getting the gemini:// protocol registered. It'll come, but... time. POC can be done with TXT records.
@tomasino you may want to read the thread "Certificate trust" on the Gemini mailing list archive https://lists.orbitalfox.eu/archives/gemini/2021/thread.html
There is already DANE to associate certificates to DNS entries for authentication: https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities