commit 3be78a240dd1fc38feec3f7320d438536bff183b from: Omar Polo date: Wed Mar 17 16:32:41 2021 UTC mention tofu in the readme commit - cbcc75fb9de09c1187e40a3b185e029fb5b1bbfc commit + 3be78a240dd1fc38feec3f7320d438536bff183b blob - ee3031e32a906dc5b6cbecebdf449cf500b1c00c blob + 360707330f745b80a8886a79e54cf96612751920 --- README.md +++ README.md @@ -17,9 +17,8 @@ things that you can help develop :) - UTF8 handling: it needs to handle non-ASCII characters in pages and in the minibuffer input - - bookmarks - subscriptions - - tofu + - tofu oob verification - client certificates - add other GUIs: atm it uses only ncurses, but telescope shouldn't be restricted to TTYs only! @@ -58,6 +57,27 @@ but I'd like to finish it into a complete Gemini brows and easy migrations from/to other clients. +## TOFU + +Telescope aims to use the "Trust, but Verify (where appropriate)" +approach outlined here: +[gemini://thfr.info/gemini/modified-trust-verify.gmi](gemini://thfr.info/gemini/modified-trust-verify.gmi). + +The idea is to define three level of verification for a certificate: + + - **untrusted**: the server fingerprint does NOT match the stored + value + - **trusted**: the server fingerprint matches the stored one + - **verified**: the fingerprint matches and has been verified + out-of-band by the client. + +Most of the time, the `trusted` level is enough, but where is +appropriate users should be able to verify out-of-band the +certificate. + +At the moment there is no support for oob-verification though. + + ## Building Telescope depends on ncursesw, libtls (from either LibreSSL or
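Review bot: in the first README.md hunk (@@ -17,9 +17,8 @@), the `- bookmarks` entry is removed from the to-do list, which the commit message "mention tofu in the readme" does not cover. Move that removal to its own commit or mention it in the message. In the same hunk, `- tofu oob verification` relies on an abbreviation that is only spelled out further down in the new TOFU section; "tofu out-of-band verification" would read on its own in the list.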
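Review bot: in the new `## TOFU` section (second hunk, @@ -58,6 +57,27 @@), the three levels do not say what applies on first contact, when there is no stored fingerprint to compare against: as worded, a never-seen host is neither `untrusted` (nothing to mismatch) nor `trusted` (nothing to match). State whether the first-seen fingerprint is stored and treated as `trusted`, and what the client does when a host is at the `untrusted` level. Wording in the same hunk: "three level" should be "three levels", "where is appropriate" should be "where appropriate", and "verified out-of-band by the client" reads as if the software does the verification, so "by the user" is probably what is meant.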