<-- back to the mailing list

Digital signature in gemini pages

Christophe HENRY listes at sbgodin.fr

Fri Feb 19 16:32:06 GMT 2021

- - - - - - - - - - - - - - - - - - - 

Le Fri, 19 Feb 2021 15:24:34 +0100,Stephane Bortzmeyer <stephane at sources.org> a écrit :

On Wed, Feb 17, 2021 at 10:35:02PM +0100,
Christophe HENRY <listes at sbgodin.fr> wrote
a message of 39 lines which said:
Is there a way to set up pages that are signed with Gnupg?
Note that the Web does not have it. (Only channel security, through
TLS, not actual object/data security.) It would be nice for Gemini to
have features missing in the Web :-)

Clearly! In addition to this, even if it were possible, as web pagesembed other things it would be of no use.

The purpose is to make pages downloadable along with their source
code and signature.
May be a convention:
$URL + ".asc" MAY give you access to a signature of $URL?

Right ^^ So every browser would be able to render the page as usual. There may be several modes:

A per-site setting would accept an error in the signature or not.

The rest follow the spirit of "Trust on first use". For instance,storing the public key of the author in the website. Maybe a kindaweb-of-trust among some websites gathered in rings…

Say : gemini://website.invalid/.well-known/tofu/certificate

-- Christophe HENRYFR EO EN - https://sbgodin.fr-------------- next part --------------A non-text attachment was scrubbed...Name: not availableType: application/pgp-signatureSize: 833 bytesDesc: Signature digitale OpenPGPURL: <https://lists.orbitalfox.eu/archives/gemini/attachments/20210219/d2968106/attachment-0001.sig>