[spam][crazy] Adding Cert Pinning to E-X

grarpamp grarpamp at gmail.com
Sat Feb 19 23:49:27 PST 2022


> the electrum
> protocol doesn't include ssl fingerprints in peer exchange yet, which
> might mean a mitm can easily offer you a fake peer network.
>
> this is something that is not too complex to add and can reduce the
> censorship/difficulty tradeoff for cryptocurrency clients

Almost zero cryptocurrency networks use TLS, that's
very bad (and it's been called TLS for a decade+ now, not SSL),
they all should have used it since day one over 13 years ago.

Clients should do opportunistic TLS with a TOFU cert
learning db, report new keys in user log (because unless
the coin network peers are doing PKI or registry no one will
have a way to verify changes anyway), have one mode to
keep locked to TOFU certs, one mode to just accept
all cert changes, another mode to accept some number
or percent of cert changes per time period.

Since most certs in a p2p net will be self-signed and not in
the root path, and if not Letsencrypt policy will constantly be
bumping out your pinned sig forms, and verifying sigs is not
as important as catching pubkey swapouts which are the
real indicators of actual privkey compromise.
So use pubkey pinning, instead of cert_DER pinning, see:

curl --pinnedpubkey

That will cut the number of pin management interrupts
to just privkey swapouts and reinitialized nodes.
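
A sketch of the TOFU public-key pin store described in the message above, added here as an illustration; it is not part of the original post and is not Electrum or ElectrumX code. The names `TofuStore`, `spki_pin` and the mode constants are hypothetical, the "some number per time period" mode is implemented as a count per sliding window, and the caller is assumed to pass the DER-encoded SubjectPublicKeyInfo taken from the peer's certificate (the demo uses constructed byte strings in its place).

```python
import base64
import hashlib
import time
from collections import deque

LOCKED, ACCEPT_ALL, RATE_LIMITED = "locked", "accept-all", "rate-limited"

def spki_pin(spki_der: bytes) -> str:
    # Same form curl --pinnedpubkey takes: sha256// + base64(SHA-256(SPKI DER)).
    # Hashing the public key, not the whole cert, survives cert reissue.
    digest = hashlib.sha256(spki_der).digest()
    return "sha256//" + base64.b64encode(digest).decode("ascii")

class TofuStore:
    """Trust-on-first-use pin db with the three change policies (hypothetical API)."""

    def __init__(self, mode=LOCKED, max_changes=1, window=86400.0):
        self.mode, self.max_changes, self.window = mode, max_changes, window
        self.pins = {}          # peer -> pin learned on first use
        self.changes = deque()  # timestamps of accepted key changes
        self.log = []           # user-visible log of new and changed keys

    def check(self, peer, spki_der, now=None):
        now = time.time() if now is None else now
        pin = spki_pin(spki_der)
        known = self.pins.get(peer)
        if known is None:       # first contact: learn and report
            self.pins[peer] = pin
            self.log.append(f"NEW {peer} {pin}")
            return True
        if known == pin:        # same key, possibly a reissued cert
            return True
        while self.changes and now - self.changes[0] >= self.window:
            self.changes.popleft()  # forget changes outside the window
        allowed = self.mode == ACCEPT_ALL or (
            self.mode == RATE_LIMITED and len(self.changes) < self.max_changes)
        if allowed:
            self.changes.append(now)
            self.pins[peer] = pin
        verdict = "CHANGED" if allowed else "REJECTED"
        self.log.append(f"{verdict} {peer} {known} -> {pin}")
        return allowed

if __name__ == "__main__":
    key_a, key_b = b"constructed-spki-A", b"constructed-spki-B"  # constructed samples
    store = TofuStore(mode=LOCKED)
    print(store.check("peer.example:50002", key_a, now=0))  # learned
    print(store.check("peer.example:50002", key_b, now=5))  # key swap refused
    print("\n".join(store.log))
```
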

