💾 Archived View for bbs.geminispace.org › s › misfin captured on 2023-09-08 at 16:18:29. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-07-22)
-=-=-=-=-=-=-
Discussing the Misfin mail protocol
Questions about verification — I'm slightly confused by the verification flow on the receiving side for misfin(B). Apologies if some of these questions are already obvious in the spec/best practices/reference examples and I've just missed/misunderstood! I'm specifically trying to implement the case where the server's certificate is a self-signed CA and there may be multiple mailboxes (each with certs signed by that CA). My understanding My understanding of the process, starting from the end of...
💬 3 comments · 1 like · 2023-07-17 · 8 weeks ago
Message Size — How did this limitation of 2048 bytes happen? I am personally not sold on this size; I have generated some lorem ipsum text and even without characters using 2 or even 3 bytes... emoticons and accent letters or complex letters (Asia, India etc.) ... the 2048 bytes are about two or three longer paragraphs. If the point of Misfin is to gain wider traction, maybe look at 4096 bytes? Then there would be a big counter-argument less, and I presume acceptance would be better....
💬 13 comments · 1 like · 2023-07-04 · 2 months ago
Just read through the spec. It is interesting. I will give that it _is_ simple enough for an average developer to grok pretty easily. Unlike gemini, though, it does not seem to do much to counteract some email negatives. Ex: Since you don't need a mailserver to write outgoing mail (like smtp) it can lead to the folks writing scripts that gen a throwaway cert and spam a bunch of addresses, then gen a new cert: repeat; eventually leading to IP blocking. So we end up blocking certs and IP...
💬 3 comments · 1 like · 2023-07-03 · 2 months ago
just took some time to read up on this project after it came up on discogem. pretty excited for an initial release to test out.
💬 View post · 2023-06-29 · 2 months ago
As I'm working on my Misfin implementation, I'm also working up some ideas for how to best make a multi-user and possibly remote setup work, with respect to users being able to read their own mail (and only their own mail). I'm going to describe some half formed thoughts I've been kicking around and see if anyone has any thoughts on the subject. This is all going to be pretty much outside the spec, as I'm thinking in terms of storage and access to it. Note that this is all in the context of...
💬 4 comments · 2023-06-10 · 3 months ago
Verification of Sender Certificate — Greetings, maybe I oversaw this in the spec, but if a client connects with a TOFU / self-signed certificate for chuck@norris.com is there any verification done to ensure that the client is not spoofing the sender address? I could think of something like a back-connection to a kind of "misfin MX" record (well SRV record would be perfect for that) and checking if the presented client certificate is signed by the norris.com server certificate.
💬 7 comments · 2023-06-07 · 3 months ago
SRV records — Any thoughts on making SRV records part of the spec? I think it adds a lot of flexibility for the server operator without much cost and can be pretty beneficial when your ISP does something boneheaded like block port 1958.
💬 7 comments · 1 like · 2023-06-03 · 3 months ago
So I have a question about GemText in Misfin. The whitespace separating the < and the address is optional. This clarifies things for the sender line, but not receiver. Should the receiver line be accepted if the whitespace following the ':' is omitted? I like to err on the side of permissiveness for the sake of interop, but it would be great to have little holes in the spec like this plugged.
💬 1 comment · 2023-06-02 · 3 months ago
I was working on the Tofu verifier for my misfin library and it struck me how much more work it is from a developer standpoint than it would be to just use CA signed certificates. I know it's easier for the end user to set up a server without getting certificates, but with LetsEncrypt and Acme it's not really all that much work. I thought much the same when working with the Gemini spec a while back. In fact, I found a lot of projects when looking for examples where they were just using a dummy
💬 1 like · 2023-05-26 · 3 months ago
[gemini link] A new Misfin library project
💬 5 comments · 2 likes · 2023-05-24 · 4 months ago
Thoughts on the draft spec — Misfin is a nice idea, but I'm worried that it doesn't make sense to replace email with something lacking end-to-end encryption. A server on a multi-user system gets the plaintext of messages to its users. It's fine if you run the server on your own home server, but I guess that wouldn't be the typical configuration. I wonder if it would be feasible to work in a PGP-like mechanism using the same client key as in the client certificate... Some other little thoughts...
💬 10 comments · 3 likes · 2023-05-21 · 4 months ago
The more I think about Misfin, the more intrigued I am. After Lagrange v1.15.10 and Bubble v2 feature update, I am greatly tempted to try writing a Misfin server that runs as a GmCapsule extension.
💬 3 comments · 5 likes · 2023-05-17 · 4 months ago
— misfin://alexlehm@gemini.lehmann.cx
I have started my own misfin server in Java Not very far yet, but is compatible with the Python client to receive messages at least.
💬 2 likes · 2023-05-16 · 4 months ago
I was looking at the B spec and I found the sender line a bit surprising. would we not be able to skip that and trust the sender certificate instead? The sender line could of course be verified the sender certificate but for simplicity this can be skipped entirely. I guess it could be added by the server on arrival instead or stored as metadata
💬 1 comment · 2023-05-16 · 4 months ago
I'm glad there's now an dedicated place for discussion about misfin. I've been struggling to receive messages successfully, but just this morning I did (followed by lots of errors): gemini://satch.xyz/er.txt Do you know what might be going on? I'm running simply the reference implementation without any of my modifications (for the moment).
💬 6 comments · 2023-05-14 · 4 months ago
Gonna start posting updates here, don't want to spam Station too bad lol.
💬 2 likes · 2023-05-14 · 4 months ago
Howdy
💬 1 comment · 1 like · 2023-05-14 · 4 months ago