💾 Archived View for bbs.geminispace.org › u › CarloMonte › 21549 captured on 2024-12-17 at 15:53:37. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Re: "Enhancing Gemini’s TOFU Model with Convergence: A Proposal..."
Please don't resurrect GPG. Joke apart, the proposed scheme lacks transparency and simplicity, which Gemini explicitely promotes at the expense of security.
Nov 05 · 6 weeks ago
👻 mediocregopher [...] · Nov 05 at 07:21:
All "problems" with TOFU can be solved with DANE. It would require no changes to Gemini servers or their certificates at all, and can be an optional check performed by clients. It relies on existing infrastructure (DNS, DNSSEC), and is already a standard with many different implementations existing and wide-usage as a security mechanism for email.
There's no need to introduce something new. I'm not even sure there's need to introduce something at all; TOFU works fine for gemini, it's not like we're doing our banking here.
Are there really users out there that want more secure Gemini? Or is this just a tech/programmer desire to expand the protocol? I think the idea of security also depends on the use case of a technology; if I use technology for the fun of it, why would it need to be secure? For me Gemini is enjoyable because it doesn't need to be secure, there aren't countless password, 2fa, captcha etc..
I agree with @mediocregopher - we already have DANE, which is decentralized as well, and actually already a part of gemini spec as a recommendation for clients as an additional security measure for validating certificates.
Is there a spec for this Convergence scheme? From the information in the links, I expect that it's too complicated to have a chance of being adopted by gemini developers (and the same probably goes even for the simplest notary schemes).
I did find Moxie's criticisms of DANE in the second link interesting, by the way.
☕️ tenno-seremel · Nov 06 at 07:28:
@daruma Because otherwise an ISP can MitM you and censor or add any data (which you’d think comes from someone else’s mouth), or feed your system a 0-day exploit to monitor you better. Although I don’t think the thing that OP suggests is a solution I’d want.
Enhancing Gemini’s TOFU Model with Convergence: A Proposal for Decentralized, Collaborative Certificate Validation — The Gemini protocol’s minimalist, privacy-focused design is a refreshing alternative to the traditional, often bloated web. Its reliance on Trust on First Use (TOFU) brings much-needed decentralization and reduces dependence on Certificate Authorities (CAs). However, as Daniel Stenberg and others have pointed out, TOFU has inherent vulnerabilities. Specifically, it requires users...