-- Leo's gemini proxy
-- Connecting to git.thebackupbox.net:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini
repo: tlsa action: summary revision: path_from: revision_from: : path_to: revision_to:
Display summary about given repository. This is the default command if no action is specified in URL, and only repository is specified.
TODO:
[ ] load the TOFU certs
[ ] remove a lot of stuff?
[ ] figure out how to get all the needed checks and fallbacks while only making one connection to the server.
what to do if:
\ DNSSEC |
TLSA\ good | bad | gone
-----+-------------+---------
good | a | b | c
-----|------+------+--------
bad | d | e | f
-----|------+------+--------
gone | g | h | i
DNSSEC | TLSA |
a: good | good | best situation. connect happily.
b: bad | good | but TLSA is good... reject.
c: gone | good | TLSA is present and good. maybe accept but warn?
d: good | bad | TLSA is bad. reject.
e: bad | bad | obviously reject.
f: gone | bad | reject.
g: good | gone | accept but warn?
h: bad | gone | reject.
i: gone | gone | accept because most servers are this way.
so, it looks like...:
if DNSSEC == good and TLSA == good:
accept
else if DNSSEC == bad or TLSA == bad:
reject
else:
warn, but accept
-- Response ended
-- Page fetched on Tue May 7 10:31:39 2024