💾 Archived View for station.martinrue.com › haze › 0d4de70f8e774d13a055d13ad32f8eb3 captured on 2024-05-12 at 17:24:30. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-11-04)

-=-=-=-=-=-=-

👽 haze

What's a good solution for Gemini certifcates? Currently we do TOFU but they do go expire and owners not updating. And there's no public revcoation list to avoid stolen certs.

Maybe the community should start a CA? But that gets us back to square 1.

I guess the stake is not that high on Gemini.

2 years ago · 👍 syntheist, acidus

Actions

👋 Join Station

7 Replies

👽 syntheist

Create a self-signed cert that last 10 years, or however long you want. Then forget about it and go about your life.

I am currently using an auto-renewed LetsEncrypt cert, running a webserver on the same domain name to make it possible (I know there are other solutions, but on OpenBSD that's a stupid simple way), but I think I'll just create a self-signed cert instead, and avoid the prompt every time LetsEncrypt have been doing its job. · 2 years ago

👽 stacksmith

Use Spartan and forget about fake security where we don't need it? · 2 years ago

👽 haze

@skyjake I think not able to verify certs is not a problem? In that case self signed certs looks exactly like CA verified certs to the client.

I had to agree that we might need some centralized authority. Trusting while fully decentalizing is very hard. We definatelly don't want to go the blockchain route. · 2 years ago

👽 haze

@adou2 That's what I'm thinking too. CAs are a very cheap solution for trust. Then the problem becomes: Who gets to sign and revoke the certificates. And how we (Gemini users) know we can trust that CA.

It works on the web because there's lot's on money at steak. But virtually 0 on Gemini.

I don't think Gemini will ever have a Benevolent Dictator For Life. The protocol is so locked down that there isn't much even Solderpunk can do. (Uniess we get ALPN involved and make Gemini/2 from there. Which I bet will face a huge backlash) · 2 years ago

👽 adou2

Maybe a CA is a good idea? Some sort of ruling body, somehow democratically elected (but I have trouble imagining how to create and control the electorate), which could take this kind of decision, or decide small evolutions in the protocol itself, as Solderpunk seems distant (we still wait for the February announcement, BTW).

I'm not a fan of the Benevolent Dictator For Life system that is so common in the FLOSS-verse. · 2 years ago

👽 skyjake

(continued)

nicely decentralized

Whereby I mean that the repository could be replicated without worrying about losing integrity or history, but there's still the question of who gets to have write access to the authoritative main repo. The community would have to trust a (group of) person(s) with this, and they would effectively become a CA of sorts.

I don't know what would be the process of submitting certificates for revocation, though. It would have to involve proof of possessing the private key of the certificate. · 2 years ago

👽 skyjake

I think the least-bad solution is self-signed certificates that last a reasonably long time, i.e., minimum one year. Getting CAs involved adds complexity and (possibly) fees. Let's Encrypt is a viable choice, but increases the technical burden of server admins, and not all clients can verify the certs.

Certificate revocation is something that Geminispace is lacking infrastructure for. In the end, I think there has to be some sort of a centralized entity, perhaps a trusted Git repository, that is readable by all and whose veracity can be verified by all, so that clients can use it to update their revocation lists. Using Git would make it nicely decentralized, and trustable via PGP. · 2 years ago