💾 Archived View for bbs.geminispace.org › s › Gemini › 1729 captured on 2023-11-14 at 09:52:58. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-11-04)
-=-=-=-=-=-=-
Basically, if someone else would make new identity after my name, how one could know it's not, well, me?
Like for PGP there is keyoxide.
https://keyoxide.org/akselmo%40akselmo.dev
Is there something similar for geminispace?
I assume one could add a fingerprint of their identity to their own site?
Jun 09 · 5 months ago
There is nothing comparable to keyoxide on Gemini.
There are manual ways to provide some assurance, like:
I assume one could add a fingerprint of their identity to their own site?
A client certificate fingerprint that is corroborated from a secondary source might help a server verify your identity, but it's of limited use to other people, since you're not sending your certificate to them, only privately to the server.
I see, thanks. Two way links seem the way to go. Also my cert is from letsencrypt, and Keyoxide shows it as mine as well.
For what it's worth, I use one client certificate everywhere, and I publish the SHA1 and SHA256 fingerprints of that certificate on my capsule. Unfortunately this is only useful to those who can see details about my certificate--which in practice is almost exclusively capsule operators. I think it would be handy if more capsules publicly displayed user certificate fingerprints (or gave the option to do so).
@jsreed5
Yes, that's the biggest missing piece I think.
Client certificates and TOFU are pretty much pointless as far as security or authentication goes (although makes it a tiny bit easier to track a session for a game, or lock up some resource only you yourself can see).