💾 Archived View for bbs.geminispace.org › u › skyjake › 1733 captured on 2024-12-17 at 14:54:52. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-05-26)
-=-=-=-=-=-=-
Re: "How does one verify someone's identity is what they claim..."
I assume one could add a fingerprint of their identity to their own site?
A client certificate fingerprint that is corroborated from a secondary source might help a server verify your identity, but it's of limited use to other people, since you're not sending your certificate to them, only privately to the server.
2023-06-09 · 2 years ago
🦎 Akselmo [OP] · 2023-06-09 at 08:32:
I see, thanks. Two way links seem the way to go. Also my cert is from letsencrypt, and Keyoxide shows it as mine as well.
🚀 jsreed5 · 2023-06-09 at 20:25:
For what it's worth, I use one client certificate everywhere, and I publish the SHA1 and SHA256 fingerprints of that certificate on my capsule. Unfortunately this is only useful to those who can see details about my certificate--which in practice is almost exclusively capsule operators. I think it would be handy if more capsules publicly displayed user certificate fingerprints (or gave the option to do so).
☕️ Morgan · 2023-06-10 at 07:33:
@jsreed5
Yes, that's the biggest missing piece I think.
🚀 stack · 2023-06-10 at 14:48:
Client certificates and TOFU are pretty much pointless as far as security or authentication goes (although makes it a tiny bit easier to track a session for a game, or lock up some resource only you yourself can see).
How does one verify someone's identity is what they claim to be? — Basically, if someone else would make new identity after my name, how one could know it's not, well, me? Like for PGP there is keyoxide. [https link] Is there something similar for geminispace? I assume one could add a fingerprint of their identity to their own site?