💾 Archived View for bbs.geminispace.org › u › jeang3nie › 1684 captured on 2024-02-05 at 14:40:06. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-12-28)

➡️ Next capture (2024-03-21)

🚧 View Differences

-=-=-=-=-=-=-

Comment by 🦀 jeang3nie

Re: "Verification of Sender Certificate"

In: s/misfin

There is a potential flaw in this scheme for getting the user's hash, and since I don't want to type it all back in again I'll direct you to this other conversation where I elaborate on it a bit.

— bbs.geminispace.org/s/discuss/1679

🦀 jeang3nie

2023-06-08 · 8 months ago

1 Later Comment

🧩 ERnsTL [OP] · 2023-06-08 at 16:53:

Thanks @jeang3nie for your clarifications and that there still is work to be done on cert verification (empty message loop etc.)

Original Post

🌒 s/misfin

Verification of Sender Certificate — Greetings, maybe I oversaw this in the spec, but if a client connects with a TOFU / self-signed certificate for chuck@norris.com is there any verification done to ensure that the client is not spoofing the sender address? I could think of something like a back-connection to a kind of "misfin MX" record (well SRV record would be perfect for that) and checking if the presented client certificate is signed by the norris.com server certificate.

💬 ERnsTL · 7 comments · 2023-06-07 · 8 months ago