💾 Archived View for station.martinrue.com › eaplmx › 67d3c370d85a4ff3a1d1a1bd017e63e7 captured on 2024-02-05 at 11:41:44. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
If it's working, don't fix it... Yesterday I was thinking about the Encryption/TLS problem on Gemini, compared with Spartan. What could be the simplest way to ensure privacy whilst we transfer info? A public cert for the user requesting to encrypt the received info... Interesting question, but I think Gemini works pretty well as it is. What do you think?
7 months ago
A VPN could be a good option for using HTTP or Spartan, with improved privacy, at least with your immediate network.
Forward-secrecy is a really important point, mainly when we are exchanging sensitive information, although I think for this thought exercise, we are looking for a compromise between not having a whole TLS and having 'enough' and simple privacy for public content, but yeah, it's something to give deeper thought to.
https://en.wikipedia.org/wiki/Forward_secrecy#Attacks
Aaaand, yeah, we need a certificate for the server, and that's when having Root Certificates, centralized authentication and such makes this exercise a bit harder.
Thanks for your replies :) · 7 months ago
How about using a VPN? · 7 months ago
Client certificates render requests by a single user trackable over time and between services, and static keys don't allow for forward-secrecy. If privacy and not authentication is your goal, anonymous key exchange like Diffie-Hellman seems like a better foundation IMO. · 7 months ago
If the user is the only party with a certificate, there is no way to ensure the authenticity of the server. · 7 months ago