Hi!

I think that people find TOFU controversial because it removes the ability for clients to verify the authenticity of servers they've never connected to before and it prevents servers from ever being able to change certificates. I think that both of these issues are solvable while keeping with the spirit of Gemini.

xq (on IRC) proposed the concept of 'distributed trust' lists, which are simply lists associating domains with public keys (i.e. their hashes). Gemini servers and clients can then distribute and verify trust lists, and can even merge trust lists from different sources together. This neatly solves the first problem, by allowing clients to check their trust lists to determine the public key of a server and so to authenticate them even in the first connection. Here's xq's post about their idea:

=> gemini://random-projects.net/blog/2021-03-03-distributed-trust.gemini

I propose an extension to this, which allows servers to announce their intention (in a verifiable way) to change certificates in the near future. Essentially, servers now provide (over Gemini) a '/.pubkey' URL where they serve the hash of the public key they will use in the near future (which may be the same as the public key they use right now). Clients can periodically request '/.pubkey' to check if the server intends to change their pubkey soon. In later connections, the server will either use the current pubkey or the previously-announced future pubkey - if clients see the latter being used, they know that the server has transitioned to using this future pubkey and so can drop the previous pubkey.

This provides a safe method for verifying server certificates, even when they are rotated. There are a few more details, which you can read about on my blog post:

=> gemini://gemini.ctrl-c.club/~aravk/blog/2021-03-04-distributed-trust.gmi

The exact format used and various smaller details can be tweaked as we see fit, but I'm looking for thoughts on the general concept.

I know that there are some voices for permanently using a single certificate, but I personally prefer rotating certs and I think that the perma-cert people don't lose out at all in this. Any (constructive) feedback is appreciated.

~aravk | ~nothien
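
The client-side checks described in the post above, as an added example that is not part of the original message or of any Gemini client: a pin store that consults a trust list on first connection and accepts a changed key only if it was previously announced via '/.pubkey'. The SHA-256 hex pin format and the names `key_hash`, `PinStore`, `check` and `record_announcement` are assumptions, since the post leaves the exact format open.

```python
import hashlib

def key_hash(pubkey_bytes: bytes) -> str:
    # Assumption: a pin is the SHA-256 hex digest of the server's public key bytes.
    return hashlib.sha256(pubkey_bytes).hexdigest()

class PinStore:
    """Per-host pins: the 'current' key hash plus an optional announced 'next' hash."""

    def __init__(self, trust_list=None):
        # trust_list: host -> key hash, e.g. merged from distributed trust lists.
        self.trust_list = dict(trust_list or {})
        self.pins = {}  # host -> {"current": str, "next": str or None}

    def check(self, host: str, presented: str) -> str:
        """Classify the key hash a server presented during the TLS handshake."""
        pin = self.pins.get(host)
        if pin is None:
            listed = self.trust_list.get(host)
            if listed is not None and listed != presented:
                return "reject"  # trust list contradicts what this server presented
            self.pins[host] = {"current": presented, "next": None}
            return "listed" if listed else "tofu"
        if presented == pin["current"]:
            return "ok"
        if pin["next"] is not None and presented == pin["next"]:
            # The server has moved to the key it announced: drop the previous pin.
            self.pins[host] = {"current": presented, "next": None}
            return "rotated"
        return "reject"  # changed key that was never announced

    def record_announcement(self, host: str, presented: str, announced: str) -> bool:
        """Store the hash served at /.pubkey, but only if this connection verified."""
        if self.check(host, presented) == "reject":
            return False
        pin = self.pins[host]
        pin["next"] = announced if announced != pin["current"] else None
        return True

if __name__ == "__main__":
    # Constructed sample keys and host name, not real data.
    old, new = key_hash(b"constructed old key"), key_hash(b"constructed new key")
    store = PinStore()
    print(store.check("a.example", old))         # first contact
    store.record_announcement("a.example", old, new)
    print(store.check("a.example", new))         # announced rotation
```

An announcement is only recorded over a connection whose key already verified, so a party that cannot present the current or announced key cannot plant a future pin.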