💾 Archived View for rawtext.club › ~sloum › geminilist › 000637.gmi captured on 2020-10-31 at 01:43:08. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Dave Huseby dwh at vi.rs
Thu May 14 22:09:04 BST 2020
- - - - - - - - - - - - - - - - - - -
```
On Thu, May 14, 2020, at 1:57 PM, solderpunk wrote:
> On Thu, May 14, 2020 at 01:27:55PM -0700, Dave Huseby wrote:
>
> > This is a great reply. I never troll, I was just trying humor to dissuade Sean but he didn't catch the hint and doubled down. I have no patience for people who cannot be bothered to be neighborly. I've been around in open source long enough to know that trolls like Sean are like graffiti. If you tolerate them, the trolling only gets worse and eventually leads to ruining the neighborhood.
>
> I have to admit to being really confused by this. I thought that Sean
> absolutely took your post in the spirit it was intended and replied
> well, in that same spirit, and better than I'd hoped. I felt like I'd
> stepped in prematurely to try to settle things down. If this is as bad
> as the trolling gets around here, I'll be pretty happy.

Noted. Moving on : )

> And for the record, Sean has done a lot to *improve* this neighbourhood
> so far.

I did notice this.

> > My only real criticism for Gemini is that it relies on TLS. I personally believe that all communications should be encrypted by default. Gemini insisting on encryption is good but going with TLS is bad when there are much better choices such as CurveCP.
>
> I'm writing a gemlog post right now which talks about a whole lot of
> things related to TLS, including some attempt to justify the decision to
> use it. It'll be up soon, and I hope you'll read it.

I surely will. I'm curious about your thinking.

> > Why shouldn't Gemini avoid relying on centralized solutions such as TLS and the CA system?
>
> It's true that not everybody (including myself) has properly implemented
> it yet, but Gemini *does* deliberately and explicitly try to avoid
> relying on the CA system by permitting clients to use a TOFU security
> model. Surely you read that in the spec?

Oops, I deleted some largely irrelevant parts of my reply that included me saying, "I get it that Gemini allows for self-signed certs but if you're going with TOFU as a primary requirement then why not Noise? CurveCP does have some TOFU limitations around knowing public keys ahead of time and through secure independent distribution."

Looking forward to your gemlog. I wish we were using the term "mission log" instead, but meh, I'm indifferent.

Cheers!
Dave
```