I got a Gemini question. Is anybody ever see a listing of gemini sites along their encription key fingerprints? I need one to check if there is a MitM attack going on. I am sure it is not a case, but I want to be prepared.
11 months ago 路 馃憤 acidus
I use Lagrange on Android 6, it allows me to copy the fingerprint to the clipboard, the station fingerprint is 733633942f80782b5a3e02c4de126752419c9bc9ebebaa9b814eb30f190725ba 路 11 months ago
Good people at BBS have an answer: gemini://bbs.geminispace.org/s/Gemini/12928 路 11 months ago
gemini://bbs.geminispace.org/s/Gemini/12928
There has been discussion about some sort of identity database in Gemini for a long time now. Most people (including me) don't support the idea, since it's prone to creating centers of trust that preclude independent capsules and single points of failure. If you've visited the site before but the certificate has now changed, and you want to ensure you're talking to the same person, I'd recommend using DeLorean to compare things such as contact info on the capsule between that known good time and now. If it matches, it could just be a cert issue. 路 11 months ago
It's so funny you ask this. I've been thinking about adding this feature to my search engine Kennedy. The crawler has actually been collecting and storing the certificates used by all available capsules since May of 2023. So I could provide a lookup service where you can check to see if the fingerprint you are getting is the fingerprint I got, to detect a MitM attack!
Do you think this would be valuable? Different clients compute/display the fingerprint differently. What client(s) are you using? 路 11 months ago