nothien at uber.space nothien at uber.space
Fri Mar 5 12:33:49 GMT 2021
- - - - - - - - - - - - - - - - - - -
Hi!
I think that people find TOFU controversial because it removes theability for clients to verify the authenticity of servers they've neverconnected to before and it prevents servers from ever being able tochange certificates. I think that both of these issues are solvablewhile keeping with the spirit of Gemini.
xq (on IRC) proposed the concept of 'distributed trust' lists, which aresimply lists associating domains with public keys (i.e. their hashes).Gemini servers and clients can then distribute and verify trust lists,and can even merge trust lists from different sources together. Thisneatly solves the first problem, by allowing clients to check theirtrust lists to determine the public key of a server and so toauthenticate them even in the first connection.
Here's xq's post about their idea:=
gemini://random-projects.net/blog/2021-03-03-distributed-trust.gemini
I propose an extension to this, which allows servers to announce theirintention (in a verifiable way) to change certificates in the nearfuture. Essentially, servers now provide (over Gemini) a '/.pubkey' URLwhere they serve the hash of the public key they will use in the nearfuture (which may be the same as the public key they use right now).Clients can periodically request '/.pubkey' to check if the serverintends to change their pubkey soon. In later connections, the serverwill either use the current pubkey or the previously-announced futurepubkey - if clients see the latter being used, they know that the serverhas transitioned to using this future pubkey and so can drop theprevious pubkey. This provides a safe method for verifying servercertificates, even when they are rotated.
There are a few more details, which you can read about on my blog post:=
gemini://gemini.ctrl-c.club/~aravk/blog/2021-03-04-distributed-trust.gmi
The exact format used and various smaller details can be tweaked as wesee fit, but I'm looking for thoughts on the general concept. I knowthat there are some voices for permanently using a single certificate,but I personally prefer rotating certs and I think that the perma-certpeople don't lose out at all in this.
Any (constructive) feedback is appreciated.
~aravk | ~nothien