💾 Archived View for station.martinrue.com › eaplmx › 67d3c370d85a4ff3a1d1a1bd017e63e7 captured on 2023-09-08 at 17:25:24. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-07-22)

➡️ Next capture (2023-09-28)

🚧 View Differences

-=-=-=-=-=-=-

👽 eaplmx

If it's working, don't fixit... Yesterday I was thinking on the Encryption/TLS problem on Gemini, compared with Spartan. What could be the simplest way to ensure privacy whilst we transfer info? A public cert for the user requesting to encrypt the received info... Interesting question, but I think Gemini works pretty well as it is. What do you think?

2 months ago

Actions

👋 Join Station

4 Replies

👽 eaplmx

A VPN could be a good option for using HTTP or Spartan, with improved privacy, at least with your immediate network.

Forward-secrecy is a really important point, mainly when we are exchanging sensitive information, although I think for this thought exercise, we are looking for a compromise between not having a whole TLS and having 'enough' and simple privacy for public content, but yeah, it's something to have a deeper thought.

https://en.wikipedia.org/wiki/Forward_secrecy#Attacks

Aaaand, yeah, we need a certificate for the server, and that's when having Root Certificates, centralizated authentication and such, makes this exercise a bit harder.

Thanks for your replies :) · 2 months ago

👽 mozz

How about using a VPN? · 2 months ago

👽 totroptof

Client certificates render requests by a single user trackable over time and between services, and static keys don't allow for forward-secrecy. If privacy and not authentication is your goal, anonymous key exchange like Diffie-Hellman seems like a better foundation IMO. · 2 months ago

👽 arkaeriit

If the user is the only party with cetificate, there is no way to ensure the authenticity of the server. · 2 months ago