👽 shway

There is a capsule I visit now and then and its certificate just expired and I just thought of something. Since the Gemini protocol uses the certificate fingerprint (which changes every time you renew the certificate) and not the public key, how do you know you are not being MITM? I think it would be better to hash the public key and use that to validate the certificate.

3 years ago · 👍 negepezzannyitfiam

7 Replies

👽 shway

@maria Fair point, but if we have the technology already (public key) we may as well use it. Renewing a certificate isn't harder than creating a new one. Checking why fingerprints change isn't just a PITA, it's avoidable using the already existing PK as a fingerprint.

There are other cases where automation is required. Think of a crawler for a search engine (should it blindly trust the new cert?) or IoT devices that use your own server (and you don't want to change the fingerprint on every device). · 3 years ago

👽 maria

@skyjake but if your assumption is correct, then it's like other things. if you leave your wallet in the park and leave, it's gone when you return, the local authority is not the one that should need to adapt to prevent theft, instead if the person decides to take the risk, the risk is on their part. this is not what computer security has been for decades. it removes all responsibility from the user, so they assume they are entitled to be saved from malicious users · 3 years ago

👽 skyjake

@shway Thanks! 😊

@maria You are certainly right, people should learn what computer security is about and how to ascertain these things for themselves. But they won't, because the security/convenience tradeoff is very real, and the concepts involved are highly technical and/or mathematical.

It comes down to the level of risk each individual user is willing to accept vs. how much inconvenience they'll put up with, assuming they even learn about the potential risks in the first place. · 3 years ago

👽 maria

technically TOFU should prevent MITM attacks by informing you something is different. then you need to go investigate. that's the thing about security and trust. you need to learn how to check your locks. if you rely on automatism, you end up with a cert chain that for instance @skyjake decided to trust. and you have to take their word for it · 3 years ago

👽 shway

Lagrange is really cool!

I don't know why I thought that the fingerprint (as in SSL_fingerprint) was required for validation. · 3 years ago

👽 skyjake

Well, actually...! The Gemini specification does not state exactly how the server certificate fingerprint should be generated.

Lagrange has used the public key fingerprint since v1.6. From the release notes:

Server certificate fingerprints are generated based on public keys, which allows servers to renew their certificates without losing trusted status.

Of course, it's still up to the server admin to generate a new certificate using the same key pair. · 3 years ago
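
The difference between the two kinds of fingerprint discussed in this thread, as an added example that is not part of the thread and is not Lagrange's code. It assumes SHA-256 over the DER-encoded SubjectPublicKeyInfo as the public key fingerprint (the thread does not say which hash a client uses); `capsule.example` and the function names are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func newKey() ed25519.PrivateKey {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return key
}

// selfSigned issues a one-year self-signed certificate for host with the given key pair.
func selfSigned(host string, serial int64, key ed25519.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: host},
		NotBefore: time.Now(), NotAfter: time.Now().AddDate(1, 0, 0),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// CertPin hashes the whole certificate, so every renewal produces a new value.
func CertPin(c *x509.Certificate) string { return fmt.Sprintf("%x", sha256.Sum256(c.Raw)) }

// KeyPin hashes only the SubjectPublicKeyInfo, so it survives renewal with the same key.
func KeyPin(c *x509.Certificate) string { return fmt.Sprintf("%x", sha256.Sum256(c.RawSubjectPublicKeyInfo)) }

func main() {
	key, host := newKey(), "capsule.example" // constructed host name
	first, renewed, rekeyed := selfSigned(host, 1, key), selfSigned(host, 2, key), selfSigned(host, 3, newKey())
	fmt.Println("renewal, same key: cert pin kept?", CertPin(first) == CertPin(renewed), "key pin kept?", KeyPin(first) == KeyPin(renewed))
	fmt.Println("different key: key pin kept?", KeyPin(first) == KeyPin(rekeyed))
}
```

A TOFU client that stores `KeyPin` only has to prompt when the key itself changes, which is the case that still needs investigating by hand.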

👽 aka_dude

I thought that before old cert expires, owners could create new one, subscribe it with old one, and use for gemini server. Clients could recognize that and accept new cert silently · 3 years ago