💾 Archived View for bbs.geminispace.org › u › daruma › 21551 captured on 2024-12-17 at 15:53:38. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Re: "Enhancing Gemini’s TOFU Model with Convergence: A Proposal..."
Are there really users out there that want a more secure Gemini? Or is this just a tech/programmer desire to expand the protocol? I think the idea of security also depends on the use case of a technology; if I use technology for the fun of it, why would it need to be secure? For me Gemini is enjoyable because it doesn't need to be secure; there aren't countless passwords, 2FA, captchas, etc.
Nov 05 · 6 weeks ago
I agree with @mediocregopher - we already have DANE, which is decentralized as well, and actually already a part of the Gemini spec as a recommendation for clients as an additional security measure for validating certificates.
Is there a spec for this Convergence scheme? From the information in the links, I expect that it's too complicated to have a chance of being adopted by Gemini developers (and the same probably goes even for the simplest notary schemes).
I did find Moxie's criticisms of DANE in the second link interesting, by the way.
☕️ tenno-seremel · Nov 06 at 07:28:
@daruma Because otherwise an ISP can MitM you and censor or add any data (which you’d think comes from someone else’s mouth), or feed your system a 0-day exploit to monitor you better. Although I don’t think the thing that OP suggests is a solution I’d want.
Enhancing Gemini’s TOFU Model with Convergence: A Proposal for Decentralized, Collaborative Certificate Validation — The Gemini protocol’s minimalist, privacy-focused design is a refreshing alternative to the traditional, often bloated web. Its reliance on Trust on First Use (TOFU) brings much-needed decentralization and reduces dependence on Certificate Authorities (CAs). However, as Daniel Stenberg and others have pointed out, TOFU has inherent vulnerabilities. Specifically, it requires users...