Comment by IHeartBadCode on 17/01/2025 at 02:07 UTC

1 upvotes, 0 direct replies (showing 0)

View submission: Certificates on both sides

if you go to a domain you trust it

It's not just that you trust the domain, it's that you can verify that what you are hearing from the domain is indeed from the person whom you trusted initially.

So you know that the data has not been modified in any manner the domain did not intend.

What happens in gemini land when two browsers use the same client certificate on the same server at the same time?

Depends on the logic of the server. In most cases the server will see the two clients as being the same person. Perhaps we are speaking about someone at some site both on their PC and mobile device.

In fact I can confirm that this is what happens, because I can open Station on both the computer I'm typing this on and on my mobile device, and the client certificate is the same between both. Station is indicating that it is indeed I on both devices.

And that makes sense, because all the client certificate does is ensure that the trusted person is indeed the person sending the traffic and that the traffic is indeed the traffic the trusted person sent.

For Tox it makes sense why each public key on the network needs to be unique. There's a point in being able to tell the difference between not only a person but also the hardware the person is using. If I call your Tox client on your mobile device, I need that device to ring, not just any device that you happen to have.

A client certificate just ensures the identity of the traffic that's coming down the channel. You can make that identity a device, a person, a group, etc. It's up to whoever is implementing to define that aspect.

That's why reading the standard is important on each protocol. It is there to convey how things should be understood and to encourage a particular use-case of a protocol.

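The behaviour the comment describes (two connections presenting the same client certificate are treated as the same person, and what that identity means is the server implementer's choice), as an added example that is not part of the original comment and not the code of Station or any Gemini server. It is a Go loopback TLS server that accepts any client certificate with no CA check, and its identity policy is an assumption for the example: the SHA-256 fingerprint of the presented certificate is "the person". The names alice, bob and gemini.example are placeholders, and the self-signed certificates are generated on the fly.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newSelfSignedCert builds a throwaway self-signed certificate, the kind a
// Gemini client generates for itself. No CA is involved on either side.
func newSelfSignedCert(cn string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		IPAddresses:  []net.IP{net.IPv4(127, 0, 0, 1)},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// identityOf is the server-side policy (an assumption of this example): the
// "person" is the fingerprint of the certificate the peer presented. Mapping
// the fingerprint to a device, a group or an account instead is the
// implementer's decision, exactly as the comment says.
func identityOf(state tls.ConnectionState) string {
	if len(state.PeerCertificates) == 0 {
		return ""
	}
	sum := sha256.Sum256(state.PeerCertificates[0].Raw)
	return hex.EncodeToString(sum[:])
}

// serveOnce accepts one connection, finishes the handshake, and returns the identity seen.
func serveOnce(ln net.Listener, cfg *tls.Config) (string, error) {
	raw, err := ln.Accept()
	if err != nil {
		return "", err
	}
	conn := tls.Server(raw, cfg)
	defer conn.Close()
	if err := conn.Handshake(); err != nil {
		return "", err
	}
	return identityOf(conn.ConnectionState()), nil
}

// identitiesSeen runs a loopback server and connects once per client cert,
// returning the identity the server derived for each connection in order.
func identitiesSeen(clients []tls.Certificate) ([]string, error) {
	serverCert, err := newSelfSignedCert("gemini.example")
	if err != nil {
		return nil, err
	}
	cfg := &tls.Config{
		Certificates: []tls.Certificate{serverCert},
		ClientAuth:   tls.RequireAnyClientCert, // any cert is accepted, none is verified against a CA
		MinVersion:   tls.VersionTLS12,
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return nil, err
	}
	defer ln.Close()
	type result struct {
		id  string
		err error
	}
	var ids []string
	for _, c := range clients {
		done := make(chan result, 1)
		go func() {
			id, err := serveOnce(ln, cfg)
			done <- result{id, err}
		}()
		// The client presents its certificate; the server is self-signed too, hence no verification here.
		conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
			Certificates:       []tls.Certificate{c},
			InsecureSkipVerify: true,
		})
		if err != nil {
			return nil, err
		}
		conn.Close()
		r := <-done
		if r.err != nil {
			return nil, r.err
		}
		ids = append(ids, r.id)
	}
	return ids, nil
}

// demoIdentities models the comment's scenario: one certificate copied to a PC
// and a phone (two connections), plus an unrelated certificate as a control.
func demoIdentities() ([]string, error) {
	alice, err := newSelfSignedCert("alice")
	if err != nil {
		return nil, err
	}
	bob, err := newSelfSignedCert("bob")
	if err != nil {
		return nil, err
	}
	return identitiesSeen([]tls.Certificate{alice, alice, bob})
}

func main() {
	ids, err := demoIdentities()
	if err != nil {
		panic(err)
	}
	for i, id := range ids {
		fmt.Printf("connection %d seen as %s...\n", i+1, id[:16])
	}
	fmt.Println("PC and phone treated as the same person:", ids[0] == ids[1])
}
```

The first two connections carry the same certificate bytes, so the server derives the same fingerprint and, under this policy, the same person; the third connection gets a different identity. Nothing in the TLS layer distinguishes the two devices, which is why a protocol that needs per-device identity, as the comment notes for Tox, has to give each device its own key rather than share one.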