💾 Archived View for bbs.geminispace.org › u › Addison › 13259 captured on 2024-03-21 at 20:08:54.

Comment by 🐝 Addison

Re: "Encryption is a hell"

In: s/Gemini

If your threat model requires you to account for a highly malicious ISP that tampers with Gemini traffic, then you have bigger problems that Gemini can't solve for you.

🐝 Addison

2023-12-30 · 3 months ago

3 Later Comments ↓

🍀 gritty · Dec 30 at 20:22:

I agree with the sentiments here - we have some encryption but it's not perfect, and we're not doing online banking here, so I think TOFU is good enough for this space.

🚀 numb3r_station · Jan 02 at 00:13:

You could use a Tor hidden service and ask users to bookmark the page if this is a concern.

😺 kotovalexarian · Feb 12 at 14:38:

I use the same TLS certificate by Let's Encrypt for both my website and my Gemini capsule. So clients may verify the full TLS chain. I'm not sure whether they do it; at least Amfora has already warned me that the certificate changed, but it's a problem with clients, not with the protocol or my approach.

Original Post

🌒 s/Gemini

Encryption is a hell — Gemini encryption is somewhat unusual. It relies on the TOFU (trust on first use) principle. Suppose my provider is a jackass and he is implementing a MitM attack on all Gemini connections; then my Gemini program will not notice, and all Gemini capsules from this network's perspective will be compromised. And if I use a VPN after that, I will get warnings about certificate change. Then I have to guess where the MitM attack happened. Is it my provider messing with that, or is it a...

💬 nikhotmsk · 8 comments · 2023-12-30 · 3 months ago
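The thread's two points, that a TOFU client cannot tell a certificate rotation from an interception when the pin mismatches (the original post's VPN scenario), and that a CA-issued certificate gives clients an independent check (kotovalexarian's setup), come together in the following pin store. It is an added example, not code from this thread, from any of its posters, or from any Gemini client; the pin-file format, the verdict names, the `network` label and the hostname `capsule.example` are this example's own assumptions, and the DER blobs in `demo()` are constructed stand-ins for real certificates. The only protocol facts it relies on are that Gemini runs over TLS on port 1965 and that servers are commonly self-signed.

```python
"""TOFU pin store for a Gemini client with CA-chain verification as tiebreaker.

Added example, not code from the thread. Assumed: the pin-file format below,
the verdict names, and that the host speaks Gemini on TCP 1965 (the default).
The two network helpers are for interactive use; demo() runs fully offline.
"""
import hashlib
import json
import socket
import ssl
from pathlib import Path

GEMINI_PORT = 1965

# Verdict names are this example's own convention (constructed).
FIRST_USE = "first_use_pinned"             # no pin yet: record and trust (TOFU)
MATCH = "match"                            # same certificate as pinned
ROTATED_CA_VALID = "changed_ca_valid"      # new cert, but it chains to a trusted CA
CHANGED_UNVERIFIED = "changed_unverified"  # new cert, no independent proof: rotation or MitM


def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, the usual TOFU pin."""
    return hashlib.sha256(der).hexdigest()


class TofuStore:
    """known_hosts-style pin file: {"host:port": {"fp": ..., "first_seen_on": ...}}."""

    def __init__(self, path=None):
        self.path = Path(path) if path else None
        self.pins = {}
        if self.path and self.path.exists():
            self.pins = json.loads(self.path.read_text())

    def _save(self):
        if self.path:
            self.path.write_text(json.dumps(self.pins, indent=2))

    def check(self, host, port, der, network="unknown", chain_verified=False):
        """Decide how to treat the certificate presented by host:port.

        chain_verified is the result of an independent CA check (see
        ca_chain_verifies); it lets the client tell a rotation of a CA-issued
        certificate from an interception with an attacker's self-signed one.
        """
        key = f"{host}:{port}"
        fp = fingerprint(der)
        pinned = self.pins.get(key)
        if pinned is None:
            # TOFU's weak spot: if this first connection is already intercepted,
            # the interceptor's certificate is what gets pinned. Recording the
            # network gives the user context when a later mismatch appears.
            self.pins[key] = {"fp": fp, "first_seen_on": network}
            self._save()
            return FIRST_USE
        if pinned["fp"] == fp:
            return MATCH
        if chain_verified:
            # The new certificate chains to a trusted CA: accept it and re-pin.
            self.pins[key] = {"fp": fp, "first_seen_on": network}
            self._save()
            return ROTATED_CA_VALID
        # Mismatch with no independent verification: never re-pin silently.
        # The user must decide; the only hint is which network the old pin
        # was first seen on (the original post's "where did the MitM happen?").
        return CHANGED_UNVERIFIED

    def explain(self, host, port):
        pinned = self.pins.get(f"{host}:{port}")
        if not pinned:
            return "no pin"
        return f"pinned {pinned['fp'][:16]}... first seen on '{pinned['first_seen_on']}'"


def fetch_peer_cert(host, port=GEMINI_PORT, timeout=10):
    """TLS-connect and return the server's DER certificate without verifying it;
    verification is done separately because Gemini servers are often self-signed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def ca_chain_verifies(host, port=GEMINI_PORT, timeout=10):
    """True if the certificate chains to a CA in the system trust store
    (e.g. a Let's Encrypt certificate shared with the operator's website)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except ssl.SSLCertVerificationError:
        return False


def demo():
    """Replay the original post's scenario offline with constructed DER blobs."""
    store = TofuStore()                   # in-memory, no pin file
    cert_a = b"constructed-der-certificate-A"
    cert_b = b"constructed-der-certificate-B"
    verdicts = [
        store.check("capsule.example", GEMINI_PORT, cert_a, network="home_isp"),
        store.check("capsule.example", GEMINI_PORT, cert_a, network="home_isp"),
        # Switch to a VPN: a different certificate appears. Rotation or MitM?
        store.check("capsule.example", GEMINI_PORT, cert_b, network="vpn"),
        # Same mismatch, but the new certificate passed a CA-chain check.
        store.check("capsule.example", GEMINI_PORT, cert_b, network="vpn", chain_verified=True),
    ]
    return verdicts


if __name__ == "__main__":
    print(demo())
```

The third verdict is the honest one: without a second source of trust the client can only report that the pin changed and on which network it was originally recorded. Running `ca_chain_verifies` as that second source is what makes a capsule served with a CA-issued certificate distinguishable from an interception with a self-signed one, which is the property kotovalexarian's setup provides when the client bothers to check.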