When Gemini has been debated, the following points have come up repeatedly:
The latter two of these aren't necessarily obviously existential threats to Gemini.
But really, they are.
(Trust On First Use / Public Key Infrastructure)
If TOFU were replaced with PKI in Gemini, every Gemini site would need to have an accompanying HTTPS site.
TOFU is the policy used by SSH and Gemini when connecting to a remote host. Does the host present the same security credentials as the previous time we spoke to it? If this is the first time, trust it. If it's a subsequent time and the credentials have changed, interrupt and prompt the user.
An alternative is PKI, which is standard for the HTTPS web. There, a site may change its credentials, but in all cases its credentials must be validated by a Trusted Third Party. The data necessary for ascertaining if a TTP has authenticated the site is distributed with the web browser and stored on the user's computer.
Under both PKI and TOFU, the trust store is on the user's computer. But one consists in a set of credentials relating to trusted third parties, and the other in the credentials of already-visited sites.
The PKI system sets up a choke point which can be leveraged for extracting rents from site operators. In recent years this has been reduced to a peppercorn by LetsEncrypt, which hands out certificates for free to anyone with an HTTPS site. To the best of my knowledge, LetsEncrypt requires that the site requesting the certificate be visible online via HTTP/HTTPS. It seems to follow that to obtain a free certificate trusted by the popular browsers, one must have an HTTPS site.
To require PKI for Gemini seems to entail that there be a corresponding HTTPS site for each Gemini site, which would undermine Gemini as an independent protocol. The benefit of NOT using the bloated web technology would go away.
To re-open Gemini for extensions would potentially open it to *limitless* extensions. It's not clear what limiting principle could stop this over time, if the principle that Gemini is not to be extended were abandoned. Over twenty years or so it could gradually acquire the same well-meaning cruft as the web: scripting, animation, tracking, just one more feature, etc, etc.
Assuming that there's a natural tendency for technologies to acquire complexity in this way, this will eventually lower Gemini to the point where a single individual can no longer implement the protocol, and ultimately to the point reached by the WWW, where no new *group* of individuals can even implement it from scratch.
Again: the distinctive benefits of Gemini would be vitiated.