💾 Archived View for rainywhile.net › gemlog › 2023-07-23-misfin.gmi captured on 2024-12-17 at 09:40:00. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-09-29)
-=-=-=-=-=-=-
Misfin is a relatively new protocol defined by lem here:
There's more details on the official capsule, but the short version is that it's essentially 'Gemini email'. If you've implemented a Gemini server then it should be pretty simple to refactor that to support a basic version of a Misfin server too. (I say a basic version, because implementing certificate verification is a bit trickier and I feel that the spec could do with some clarifications in that area).
Misfin uses gemtext (text/gemini) as its message format, so once you have a functioning Misfin server, it's simple to set up a 'webmail'-style interface on your capsule for reading messages.
For thoughts/questions on the spec, as far as I can tell the main conversations happen on bbs.geminispace.org:
I posted a few of my thoughts/queries in this thread:
- thank you to jeang3nie for helping me with some of those!
Just as Gemini doesn't fix all the problems of the web (and doesn't try to), Misfin doesn't fix all the problems of email. As the spec is still in its early stages though, it's worth discussing the things it doesn't fix, in case there's a way to fix them without adding too much complexity to the protocol.
Misfin's use of certificates makes it harder to pretend to be someone else when sending spam, but it doesn't really offer anything other than email-style blocklists and filtering to actually prevent spam completely. One of the manifesto points of Misfin is to avoid the modern email situation, where large providers indiscriminately block emails from small mail servers to control spam and it's not clear how Misfin could avoid the same problem if it were to ever take off in a big way. Similarly to Gemini though, the ease of self-implementation and self-hosting (plus the likely real-life scale and lack of commercial incentives) may help to ensure that's less of an issue.
Another potential issue is that, like Gemini, less technically inclined users are likely to be reliant on open providers for hosting their Misfin mailboxes. The easiest way to handle this (again, for a non-technical audience) would be for the host to generate your mailbox certificate and then let you download it for use in your client (along with the private key). A friendly host could then delete the private key, but an unfriendly one could keep it and impersonate you. A large Misfin mail host could theoretically also be in a position not dissimilar to large email providers, where they have both the technical means and a financial incentive to read user's private messages and insert advertising based on the user and their contacts on the same host. Again, the protocol is unlikely to take off to the extent where this is a real problem, but it's worth keeping in mind.
Despite the above negativity, I think Misfin is a good idea and worth looking into. It's relatively simple to implement and integrates nicely with Gemini for viewing messages. Gemtext is also a nice middle ground between the perhaps excessive complexity of HTML emails, and the perhaps excessive simplicity of plaintext emails.
Want to discuss this post? Discuss other posts on my capsule? Talk about my photos? Ask me a question? Just want to see if your Misfin implementation works? As well as the contact link on my capsule homepage, you can now send me messages via Misfin and I can reply (assuming I've implemented my Misfin server and client correctly, of course...)
misfin://contact@misfin.billsmugs.com
If you think you've encountered a bug, or you're struggling to send to this address, please let me know via my existing Gemini-based contact method (include your Misfin or email address in the message if you want a response):
This uses a standard Gemini input prompt
I've replaced the certificates on misfin.billsmugs.com - previously the CA for the server had no UserID field (as I didn't intend to use it for sending messages), but that goes against the spec and at least one server rejected my verification message because of it ("62 certificate lacks userid").