💾 Archived View for bbs.geminispace.org › u › istvan › 18365 captured on 2024-07-09 at 03:01:06. Gemini links have been rewritten to link to archived content

View Raw

More Information

➡️ Next capture (2024-08-19)

-=-=-=-=-=-=-

Comment by 💎 istvan

Re: "Just found out this was a thing. I am very curious about..."

In: u/kebokyo

It’s trusted as a first appearance.

The first time you meet someone/some site it is stored as what this should look like. If it ever changes, that’s where you throw a warning.

💎 istvan

Jul 07 · 2 days ago

1 Later Comment

🕹️ skyjake [...] · Jul 07 at 04:16:

can self-signed [client] certificates be trusted?

Essentially, these provide proof (to a server) that the client is in possession of the (supposedly) secret and unique private key of the certificate. No other information contained in the client certificate can be trusted, by default.

You could certainly act as your own CA and do the whole certificate signing process on your client certificates, to prove that a particular client certificate was created by your CA, i.e., based on a particular CA root certificate. However, any server wishing to verify this signature would have to be provided your CA root certificate beforehand. I don't know of any Gemini server that supports such a thing out of the box.

Original Post

⛵️ kebokyo [...]

Just found out this was a thing. I am very curious about the whole "client identity" system... can self-signed certificates be trusted? Wonder if there's a way to sign a certificate on, say, my VPS, and use that certificate to verify my identity. I really want to nerd out about this lol

💬 2 comments · Jul 06 · 2 days ago