💾 Archived View for bbs.geminispace.org › u › jsreed5 › 1771 captured on 2023-07-22 at 17:56:58. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Re: "How does one verify someone's identity is what they claim to be?"
For what it's worth, I use one client certificate everywhere, and I publish the SHA1 and SHA256 fingerprints of that certificate on my capsule. Unfortunately this is only useful to those who can see details about my certificate--which in practice is almost exclusively capsule operators. I think it would be handy if more capsules publicly displayed user certificate fingerprints (or gave the option to do so).
2023-06-09 · 6 weeks ago
@jsreed5
Yes, that's the biggest missing piece I think.
2023-06-10 · 6 weeks ago
Client certificates and TOFU are pretty much pointless as far as security or authentication goes (although makes it a tiny bit easier to track a session for a game, or lock up some resource only you yourself can see).
How does one verify someone's identity is what they claim to be? — Basically, if someone else would make new identity after my name, how one could know it's not, well, me? Like for PGP there is keyoxide. [https link] Is there something similar for geminispace? I assume one could add a fingerprint of their identity to their own site?