💾 Archived View for bbs.geminispace.org › u › AnoikisNomads › 13246 captured on 2024-02-05 at 12:17:24. Gemini links have been rewritten to link to archived content


Comment by 👤 AnoikisNomads

Re: "Encryption is a hell"

In: s/Gemini

@adicus to add: I realized my last sentence can be read in several ways: I'm _extremely_ grateful for your tool and didn't mean to dismiss the efforts

👤 AnoikisNomads

2023-12-30 · 5 weeks ago

4 Later Comments ↓

🐐 drh3xx · Dec 30 at 17:37:

Could always support optional DNS verification of cert thumbprint similar to ssh key validation either with the same RR type or yet another TXT entry?

🐝 Addison · Dec 30 at 19:48:

If your threat model requires you to account for a highly malicious ISP that tampers with Gemini traffic, then you have bigger problems that Gemini can't solve for you.

🍀 gritty · Dec 30 at 20:22:

I agree with the sentiments here - we have some encryption but it's not perfect, and we're not doing online banking here, so I think TOFU is good enough for this space.

🚀 numb3r_station · Jan 02 at 00:13:

You could use a Tor hidden service and ask users to bookmark the page if this is a concern.

Original Post

🌒 s/Gemini

Encryption is a hell — Gemini encryption is somewhat unusual. It relies on the TOFU (trust on first use) principle. Suppose my provider is a jackass and he is implementing a MitM attack on all Gemini connections; then my Gemini program will not notice, and all Gemini capsules from this network's perspective will be compromised. And if I use a VPN after that, I will get warnings about certificate change. Then I have to guess where the MitM attack happened. Is it my provider messing with that, or is it a...

💬 nikhotmsk · 7 comments · 2023-12-30 · 5 weeks ago
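Added example, not code from this thread or from any Gemini client: a TOFU pin store of the kind the original post describes, extended with the optional DNS-published fingerprint cross-check drh3xx suggests. The TXT record format `gemini-cert-sha256=<hex>` and the DNS lookup (a constructed list of records) are assumptions for this example; it also distinguishes a certificate rotation vouched for by DNS from an unexplained change, which is the "where did the change happen" question the post raises.

```python
"""TOFU pinning for Gemini with an optional DNS fingerprint cross-check.

Example code, not from the thread. The record format
'gemini-cert-sha256=<hex>' is a hypothetical convention; DNS results are
passed in as a constructed list instead of being resolved.
"""
import hashlib
import hmac

TXT_PREFIX = "gemini-cert-sha256="  # hypothetical record name


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()


def dns_published_fingerprints(txt_records) -> set:
    """Collect fingerprints from TXT records using the assumed prefix."""
    return {r[len(TXT_PREFIX):].lower() for r in txt_records
            if r.startswith(TXT_PREFIX)}


def verify(store: dict, host: str, cert_der: bytes, txt_records=()) -> str:
    """Classify a presented certificate against the pin store and DNS.

    Returns one of: 'dns-mismatch', 'first-use', 'match', 'rotated',
    'mismatch'. DNS is a second signal, not proof: an attacker who can
    tamper with DNS as well can forge the record too.
    """
    fp = fingerprint(cert_der)
    published = dns_published_fingerprints(txt_records)
    if published and fp not in published:
        # Operator advertises a different cert: do not pin what we got.
        return "dns-mismatch"
    pinned = store.get(host)
    if pinned is None:
        store[host] = fp            # classic TOFU: trust on first sight
        return "first-use"
    if hmac.compare_digest(pinned, fp):
        return "match"
    if fp in published:
        store[host] = fp            # pin changed, but DNS vouches for it
        return "rotated"
    return "mismatch"               # unexplained change: warn the user


# Constructed stand-ins for DER certificates (only their hash matters here).
CERT_A = b"constructed DER certificate for capsule A"
CERT_B = b"constructed DER certificate for capsule A, reissued"
```
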