I'd like to suggest that, to supplement TOFU, we copy OpenSSH's trick of
displaying a fingerprint as ASCII art. I just implemented this in my
client diohsc; here's an example:
```
> g gemini.circumlunar.space
>>> gemini://gemini.circumlunar.space
Certificate chain: DST Root CA X3 >>> Let's Encrypt Authority X3 >>>
gemini.circumlunar.space
+-----[X509]------+ +-----[X509]------+
| .. . | | ... . |
|o . . . . | | . o . |
|+o . o o | | o o |
|+E = . = | | . . o |
| . + + ^ . | | . . o ^ |
| . + * o | >>> | + + E |
| . o . | | . @ . |
| . | |.o + * |
| | |B+..o |
+----[SHA256]-----+ +----[SHA256]-----+
Let's Encrypt Authority X gemini.circumlunar.space
Expires 2021-03-17 Expires 2020-08-01
25847d668eb4f04fdd40b12b6b0740c567da7d024308eb6c2c96fe41d9de218d
>>> 2bba43d5886f92f4e3f1d0fc1d66d647c2b890965e8088f09d0345649bb5bd25
No previous certificate seen for this host -- trusting provided certificate!
[press a key]
```
The idea is that these pictures are much easier for humans to recognise
than long hex strings. So even if you don't have the fingerprint you're
expecting saved to disk, you might be familiar enough with its picture
that you can recognise if it's changed.
This is using the "drunken bishop" algorithm used by OpenSSH; it's
pretty straightforward, and described nicely here:
http://www.dirk-loss.de/sshvis/drunken_bishop.pdf
(I'm using this nice haskell implementation:
https://hackage.haskell.org/package/drunken-bishop )
I think it might be nice if we had a cross-client convention to use
these fingerprint pictures.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://lists.orbitalfox.eu/archives/gemini/attachments/20200620/8004
b10c/attachment.sig>
---
Next in thread (2 of 3): 🗣️ mbays (a) sdf.org (mbays (a) sdf.org)