💾 Archived View for sdf.org › xyz › gemini › txt › gemini_TOFU.gmi captured on 2022-06-03 at 23:08:46. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2021-11-30)
-=-=-=-=-=-=-
27-04-2021
Gemini uses TLS and it is common practice for Gemini clients to use self-signed certificates and TOFU.
No dependency on centralized CAs.
TOFU seems to work pretty well for SSH.
AFAIK not many people actively verify host fingerprints on first use.
It doesn't protect against MITM attacks on the first connection,
but I wonder if that's not a case of better being the enemy of good to some extent?
Короче, ничто не мешает третьим лицам совершить MITM атаку при первом соединения пользователя с gemini-сервером.