💾 Archived View for bbs.geminispace.org › u › satch › 17633 captured on 2024-07-09 at 03:47:00. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-06-20)
-=-=-=-=-=-=-
Re: "Gemini connections are TOFU encrypted. Are all Misfin..."
Misfin messages are not end to end encrypted by default, but they are encrypted over the wire. End to end encryption is perfectly compatible with misfit but out of scope for the spec.
Jun 03 · 5 weeks ago
By the way here's the cert validation method in the python impl :) Not even sure TOFU is implemented.
def _validate_nothing(conn, cert, err, depth, rtrn):
""" Callback that lets us steal certificate verification from OpenSSL. """
"""
This is !!!DANGEROUS!!! but necessary to allow us to accept
self-signed certs.
"""
return True
what is the role of client cert in the whole scheme? Is the client/server public keys used to wrap up the session key for TLS? sorry if the question is basic
@decant The misfin mail addresses are derived from the server/client X509 cert attributes. The client cert is the sender certificate, the server cert is the recipient mailbox certificate.
Gemini connections are TOFU encrypted. Are all Misfin transactions conducted the same way, or is it optional? Any opinions on the privacy implications of using Misfin?