💾 Archived View for bbs.geminispace.org › u › stack › 6005 captured on 2024-02-05 at 14:41:57. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-12-28)

➡️ Next capture (2024-03-21)

🚧 View Differences

-=-=-=-=-=-=-

Comment by 🚀 stack

Re: "I was thinking about ways to sign a gemtext message with a..."

In: u/cquenelle

My gem-fu is not good either, but what would that prove? By looking at a gemini site you have a TOFU guarantee that the site operator is the same one every time you visit the site. Anything posted by that site is always encrypted using their key, and verified by your browser to be the same key as when you first visited that site (TOFU). This acts as a defacto signature, as you would not be able to decrypt and look at the message without a proper public key matching that site.

If the site hosts many users which share the same (server) certificate, I suppose a malicious user could find a way to impersonate another user on the same site. I am not sure how tilde servers manage certifs.

🚀 stack

2023-10-07 · 4 months ago

8 Later Comments ↓

☕️ Morgan · Oct 08 at 20:08:

Possibly you are referring to this?

— circadian.gemlog.org/2023-06-11-identity-again-visual-hashing.gmi

A visual hash of your key doesn't work like a cryptographic signature, it only works if servers you already trust show it. So for example Bubble could show visual hashes and Station could too and then you could compare users if you trust both. It has limited value on self-hosted capsules since you can post what you like :)

Anyway, there wasn't enough interest in the idea for it to go anywhere, which is fair enough :) it's not exactly pressing given the current Gemini population does not seem inclined to either trolling or imitation.

🍀 gritty · Oct 09 at 12:16:

I don't remember the post but I think the consensus was to have backlinks to places you own.

🍀 gritty · Oct 09 at 12:18:

there's also this subspace for sharing keys:

gemini://bbs.geminispace.org/s/PGP

🐵 cquenelle [OP] · Oct 13 at 04:22:

I look at a public key like a name. I can say I am Fred Brown, but if you see Fred Brown on another site you don’t even know if they are *claiming* to be the same person. Think of it like a fully qualified name. I can add it to my local address book with your alias on our shared web site, and if I see it someplace else i will know it is supposedly trying to be the same person. It’s also like an email address. Someone else can use my email address to create a login, but they won’t be able. To prove they control it. By signing something I can prove I control my public key.

🐵 cquenelle [OP] · Oct 13 at 04:26:

If I trust the BBS web site then the site can display a verified user supplied public key associated with a user on the site. So the site can make the claim that login=fred is the same as key=ABCXYZ. If other sites that I trust also have a login that seems to talk like Fred with the same verified public key, then I know it’s the same person. If another site spoofs Fred’s key and uses it without his authorizing it, it doesn’t make his key useless, it just spoils my trust in that site.

🐵 cquenelle [OP] · Oct 13 at 04:29:

Step 1) A user friendly, transportable public key. Step 2) Social sites let me voluntarily validate the key using the site and the site announces it on my profile page. Step 3) clients add features that can copy/paste the keys into a client-local address book. Step 4) user friendly transportable identity, the low tech way!

☕️ Morgan · Oct 13 at 06:19:

That was pretty much the idea, yes. Rather than share the public key I proposed hashing again then sharing only part, that makes it really only useful for matching identities.

You still have the problem that users could post e.g. to Bubble claiming particular hash. You have to have a "known trusted place" e.g. user profile where the server shares it correctly, and teach people to trust only that.

I think the key advantage to the accepted "link both from somewhere you control" method is that posting hashes does not favour personal capsule owners, instead it relies on trustworthy shared/social capsules.

Thanks.

🐵 cquenelle [OP] · Oct 13 at 13:46:

I guess I see the problem in two parts. 1) who is this person *claiming* to be? 2) Do I trust the claim?

For step one we need a global unique name (that’s provable). For step two it will always be a grey area depending on what sites you personally trust. Different people will trust different sites.

Original Post

🐵 cquenelle

I was thinking about ways to sign a gemtext message with a key and I remember a post a while back talking about posting keys. But my gemsearch king-fu is weak. Can anyone help me? I remember they had the idea of a pictograph for a public key. Maybe I’d want another pictograph for the digest signature? (I know my terminology is wrong there.)

💬 9 comments · 2023-10-07 · 4 months ago