๐พ Archived View for bbs.geminispace.org โบ u โบ skyjake โบ 1733 captured on 2023-07-22 at 17:56:55. Gemini links have been rewritten to link to archived content
โก๏ธ Next capture (2023-09-08)
-=-=-=-=-=-=-
Re: "How does one verify someone's identity is what they claim to be?"
I assume one could add a fingerprint of their identity to their own site?
A client certificate fingerprint that is corroborated from a secondary source might help a server verify your identity, but it's of limited use to other people, since you're not sending your certificate to them, only privately to the server.
2023-06-09 ยท 6 weeks ago
I see, thanks. Two way links seem the way to go. Also my cert is from letsencrypt, and Keyoxide shows it as mine as well.
For what it's worth, I use one client certificate everywhere, and I publish the SHA1 and SHA256 fingerprints of that certificate on my capsule. Unfortunately this is only useful to those who can see details about my certificate--which in practice is almost exclusively capsule operators. I think it would be handy if more capsules publicly displayed user certificate fingerprints (or gave the option to do so).
@jsreed5
Yes, that's the biggest missing piece I think.
2023-06-10 ยท 6 weeks ago
Client certificates and TOFU are pretty much pointless as far as security or authentication goes (although makes it a tiny bit easier to track a session for a game, or lock up some resource only you yourself can see).
How does one verify someone's identity is what they claim to be? โ Basically, if someone else would make new identity after my name, how one could know it's not, well, me? Like for PGP there is keyoxide. [https link] Is there something similar for geminispace? I assume one could add a fingerprint of their identity to their own site?