If it's working, don't fix it... Yesterday I was thinking about the Encryption/TLS problem on Gemini, compared with Spartan. What could be the simplest way to ensure privacy whilst we transfer info? A public cert for the user requesting to encrypt the received info... Interesting question, but I think Gemini works pretty well as it is. What do you think?
1 year ago
A VPN could be a good option for using HTTP or Spartan, with improved privacy, at least with your immediate network.
Forward-secrecy is a really important point, mainly when we are exchanging sensitive information, although I think for this thought exercise, we are looking for a compromise between not having a whole TLS and having 'enough' and simple privacy for public content, but yeah, it's something to give deeper thought to.
https://en.wikipedia.org/wiki/Forward_secrecy#Attacks
Aaaand, yeah, we need a certificate for the server, and that's when having Root Certificates, centralized authentication and such makes this exercise a bit harder.
Thanks for your replies :) · 1 year ago
How about using a VPN? · 1 year ago
Client certificates render requests by a single user trackable over time and between services, and static keys don't allow for forward-secrecy. If privacy and not authentication is your goal, anonymous key exchange like Diffie-Hellman seems like a better foundation IMO. · 1 year ago
If the user is the only party with a certificate, there is no way to ensure the authenticity of the server. · 1 year ago
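The forward-secrecy point raised in the thread (static keys versus an anonymous Diffie-Hellman exchange), as an added example that is not part of the original discussion. The group parameters, the toy stream cipher and all function names are assumptions chosen so the block runs with the standard library only; they are not suitable for real use.

```python
import hashlib
import secrets

# Toy parameters (assumption for illustration): far too small for real finite-field DH.
P = 2**255 - 19  # a well-known prime, used here as a plain modulus
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return priv, pow(G, priv, P)

def session_key(my_priv, their_pub):
    shared = pow(their_pub, my_priv, P)          # g^(ab) mod P on both sides
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def keystream_xor(key, data):
    # Toy cipher (SHA-256 in counter mode), a stand-in for a real AEAD.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def run_session(server_priv, server_pub, message):
    """One client/server exchange; returns what a passive observer can record."""
    client_priv, client_pub = keypair()          # client side is always ephemeral
    key = session_key(client_priv, server_pub)
    assert key == session_key(server_priv, client_pub)   # both ends agree
    # Nothing here tells the client who actually sent server_pub:
    # an anonymous exchange gives privacy against observers, not authenticity.
    return {"client_pub": client_pub, "ciphertext": keystream_xor(key, message)}

def decrypt_with_leaked_key(recorded, leaked_priv):
    key = session_key(leaked_priv, recorded["client_pub"])
    return keystream_xor(key, recorded["ciphertext"])

def demo(message=b"gemini://example.org/private-page (constructed sample)"):
    # Case 1: server reuses one long-lived (static) key pair for every session.
    static_priv, static_pub = keypair()
    static_rec = run_session(static_priv, static_pub, message)
    # Case 2: server makes a fresh key pair per session and discards it.
    eph_priv, eph_pub = keypair()
    eph_rec = run_session(eph_priv, eph_pub, message)
    del eph_priv
    # Later, the key the server still holds leaks. Which recordings open?
    return (decrypt_with_leaked_key(static_rec, static_priv) == message,
            decrypt_with_leaked_key(eph_rec, static_priv) == message)

if __name__ == "__main__":
    print(demo())
```

The recorded static-key session opens once the long-lived key leaks, while the ephemeral session stays closed because its private exponent no longer exists anywhere.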