Archived View for bbs.geminispace.org › u › zeerooth › 21555 captured on 2024-12-17 at 15:53:39.
-=-=-=-=-=-=-
Re: "Enhancing Gemini’s TOFU Model with Convergence: A Proposal..."
I agree with @mediocregopher - we already have DANE, which is decentralized as well, and is actually already a part of the Gemini spec as a recommendation for clients as an additional security measure for validating certificates.
Nov 05 · 6 weeks ago
Is there a spec for this Convergence scheme? From the information in the links, I expect that it's too complicated to have a chance of being adopted by Gemini developers (and the same probably goes even for the simplest notary schemes).
I did find Moxie's criticisms of DANE in the second link interesting, by the way.
☕️ tenno-seremel · Nov 06 at 07:28:
@daruma Because otherwise an ISP can MitM you and censor or add any data (which you’d think comes from someone else’s mouth), or feed your system a 0-day exploit to monitor you better. Although I don’t think the thing that OP suggests is a solution I’d want.
Enhancing Gemini’s TOFU Model with Convergence: A Proposal for Decentralized, Collaborative Certificate Validation — The Gemini protocol’s minimalist, privacy-focused design is a refreshing alternative to the traditional, often bloated web. Its reliance on Trust on First Use (TOFU) brings much-needed decentralization and reduces dependence on Certificate Authorities (CAs). However, as Daniel Stenberg and others have pointed out, TOFU has inherent vulnerabilities. Specifically, it requires users...