💾 Archived View for bbs.geminispace.org › u › kotovalexarian › 14922 captured on 2024-03-21 at 20:08:59. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
I use the same TLS certificate by Let's Encrypt for both my website and my Gemini capsule. So clients may verify the full TLS chain. I'm not sure whether they do it, at least Amfora have already warned me that the certificate changed, but it's a problem with clients, not with the protocol or my approach.
Feb 12 · 5 weeks ago
Encryption is a hell — Gemini encription is somewhat unusual. It relies on TOFU (trust on first use) principle. Suppose my provider is a jackass and he is implementing a MitM attack on all gemini connections, then my gemini program will not notice and all gemini capsules from this network perspective will be compromised. And if I use VPN after that, I will get warnings about certificate change. Than I have to guess where MitM attack was happened? Is it my provider messing with that, or is it a...