💾 Archived View for rawtext.club › ~sloum › geminilist › 006548.gmi captured on 2023-12-28 at 16:18:36. Gemini links have been rewritten to link to archived content


[tech] Integrity checks for Gemini pages

nervuri nervuri at disroot.org

Thu May 20 14:35:06 BST 2021

- - - - - - - - - - - - - - - - - - - 

On Wed, 2021-05-19, ew.gemini wrote:

> Integrity in the sense of "the file remained unchanged in
> transit"? TLS should take care of that.

Not necessarily. The connection can be dropped before the transfer completes, or bits in the file can be flipped for various reasons. I think there is a place for simple, automated integrity checks - not just in Gemini, but also on the Web (like SRI [1], but applicable to all links).

For Gemini, I once suggested using the URI fragment for this, as in "song.mp3#hash:sha256=...", which has the advantage of not requiring additional network requests. Adding hashes to all links on your capsule would not be worth the tedium, but you could use it to protect only a few larger files. It could work on links to third-party sites/capsules as well. On mismatch, clients would warn that the file either was changed or wasn't transferred correctly.

Another approach is to use a well-known file, such as .well-known/SHA256SUMS - like NetSigil [2], but without the signature, reducing it to just this bit of code:

> .well-known/SHA256SUMS```

Doing it this way would require clients to make an extra network request every once in a while - and most of these requests would fail. Unusual requests contribute to client fingerprinting, so this would not be good for implicit use. It should only be done on explicit request by the user.

Signatures are a more complete solution, but they're also more complex - harder for capsule admins to set up and for clients to support.

We could, as tidux suggests, use magnet (or IPFS) links for large files instead, as those protocols have integrity checking built-in. However, this must be weighed against the added friction, both for server admins who must install and configure additional software and for visitors who don't have a BitTorrent or IPFS client installed.

[1] https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
[2] https://tildegit.org/nervuri/NetSigil
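
A client-side check for the "#hash:sha256=..." link fragment suggested in the message above, as an added example that is not part of the original post or of any Gemini client. The function names, the "unchecked"/"ok"/"mismatch" results and the example.org link are assumptions made for illustration; the fragment syntax is the one proposed in the message, not a standard.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumption: only the algorithms listed here are accepted in a fragment.
SUPPORTED = {"sha256": hashlib.sha256}
HEX_DIGITS = set("0123456789abcdef")


def parse_integrity_fragment(url):
    """Return (algorithm, hex_digest) from '#hash:<alg>=<hex>', or None."""
    fragment = urlsplit(url).fragment
    if not fragment.startswith("hash:"):
        return None  # no fragment, or an ordinary one: nothing to verify
    alg, sep, digest = fragment[len("hash:"):].partition("=")
    alg, digest = alg.lower(), digest.lower()
    if not sep or alg not in SUPPORTED:
        raise ValueError(f"unsupported integrity fragment: {fragment!r}")
    expected_len = SUPPORTED[alg]().digest_size * 2
    if len(digest) != expected_len or not set(digest) <= HEX_DIGITS:
        raise ValueError("malformed digest in integrity fragment")
    return alg, digest


def check_body(url, body):
    """Return 'unchecked', 'ok' or 'mismatch' for a fetched response body."""
    parsed = parse_integrity_fragment(url)
    if parsed is None:
        return "unchecked"
    alg, expected = parsed
    actual = SUPPORTED[alg](body).hexdigest()
    # A mismatch means the file was changed or not transferred correctly.
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


# Constructed sample data: a stand-in for a larger file and a link to it.
SAMPLE_BODY = b"constructed sample payload\n" * 1000
SAMPLE_LINK = ("gemini://example.org/song.mp3#hash:sha256="
               + hashlib.sha256(SAMPLE_BODY).hexdigest())

if __name__ == "__main__":
    flipped = bytearray(SAMPLE_BODY)
    flipped[10] ^= 0x01  # a single flipped bit
    print(check_body(SAMPLE_LINK, SAMPLE_BODY))         # complete transfer
    print(check_body(SAMPLE_LINK, SAMPLE_BODY[:-100]))  # dropped connection
    print(check_body(SAMPLE_LINK, bytes(flipped)))      # corrupted in transit
```

The check uses only the link and the body already fetched, so it makes no extra network request.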