💾 Archived View for bbs.geminispace.org › u › gemalaya › 17634 captured on 2024-06-20 at 11:56:27. Gemini links have been rewritten to link to archived content
Re: "Gemini connections are TOFU encrypted. Are all Misfin..."
By the way, here's the cert validation method in the Python impl :) Not even sure TOFU is implemented.
```python
def _validate_nothing(conn, cert, err, depth, rtrn):
    """
    Callback that lets us steal certificate verification from OpenSSL.

    This is !!!DANGEROUS!!! but necessary to allow us to accept self-signed certs.
    """
    return True
```
Jun 03 · 2 weeks ago
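An added example, not part of the original post or of the Misfin Python implementation: a minimal TOFU pin store that a verify callback could consult instead of returning True unconditionally. The names TofuStore, TofuMismatch and verify_peer and the identity strings are hypothetical, and the certificate bytes are constructed stand-ins for DER-encoded certificates.

```python
import hashlib
import hmac
import json
from pathlib import Path


class TofuMismatch(Exception):
    """Presented certificate differs from the one pinned on first use."""


class TofuStore:
    """Pins one SHA-256 certificate fingerprint per peer identity."""

    def __init__(self, path=None):
        self.path = Path(path) if path else None   # None = in-memory only
        self.pins = {}
        if self.path and self.path.exists():
            self.pins = json.loads(self.path.read_text())

    def check(self, identity, cert_der):
        """Return 'first-use' or 'match'; raise TofuMismatch on a changed cert."""
        seen = hashlib.sha256(cert_der).hexdigest()
        pinned = self.pins.get(identity)
        if pinned is None:
            self.pins[identity] = seen              # trust on first use
            self._save()
            return "first-use"
        if hmac.compare_digest(pinned, seen):
            return "match"
        raise TofuMismatch(f"{identity}: pinned {pinned[:16]}..., got {seen[:16]}...")

    def _save(self):
        if self.path:
            self.path.write_text(json.dumps(self.pins, indent=2))


def verify_peer(store, identity, cert_der):
    """Boolean form: accept a self-signed cert only if it matches the pin."""
    try:
        store.check(identity, cert_der)
        return True
    except TofuMismatch:
        return False


if __name__ == "__main__":
    # Constructed stand-ins for DER-encoded certificates, not real certs.
    store = TofuStore()
    print(store.check("mailbox@example.org", b"constructed-cert-A"))
    print(store.check("mailbox@example.org", b"constructed-cert-A"))
    print(verify_peer(store, "mailbox@example.org", b"constructed-cert-B"))
```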
What is the role of the client cert in the whole scheme? Are the client/server public keys used to wrap up the session key for TLS? Sorry if the question is basic.
@decant The Misfin mail addresses are derived from the server/client X.509 cert attributes. The client cert is the sender certificate, the server cert is the recipient mailbox certificate.
Gemini connections are TOFU encrypted. Are all Misfin transactions conducted the same way, or is it optional? Any opinions on the privacy implications of using Misfin?