💾 Archived View for midnight.pub › replies › 5935 captured on 2024-08-25 at 03:15:36. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-03-20)
-=-=-=-=-=-=-
At this point, there's little or no use of Gemini for anything sensitive, and we haven't yet reached the point where it's profitable for ISPs to MITM Gemini streams to inject ads.
Which is all to say, you're 100% correct, but what's the alternative? A lot of clients are pretty lax about TOFU handling for server certs, but e.g. Lagrange at least warns you that it's changed. It could be more stern in the warning, but the truth is that the way Gemini server admins mostly use certs is not really compatible with TOFU - they don't use long-lived certs, and they don't really provide a way to know when a cert change is legitimate. We (people on the old mailing list) originally foresaw the Gemini TOFU use of certificates working like SSH certs... but it hasn't worked out that way.
The onliest thing I see to do without sacrificing compatibility is to set up multiple certificate "observatories" in different locations that you can query when a cert changes. Then you can answer at least the questions of "is everyone seeing this same changed cert?" and "when did this cert change?" As well as, for new sites, "is this the first cert anyone ever saw for this site?"