Post AXFTT8a23Us6uvouVU by yoshir@lor.sh
 (DIR) Post #AXFTT3q9g7nWDUKDRY by yoshir@lor.sh
       2023-06-30T15:32:30Z
       
       1 likes, 0 repeats
       
       I have been thinking about the #gemini #protocol lately, and its #TOFU model in particular. While I understand what they are going for, I think it's still really vulnerable to attacks from #StateActors. Even if #HTTPS cannot penetrate the block, the lack of a #certificate alerts the user to the tampering. The system where each #server has something like a #webring of hashes of certificates of other #websites, and clients would check whether a site supplies real or fake certificates, is interesting, but the system still needs #bootstrapping (maybe with the help of something like #TOR or #I2P), and it still has the risk of sites being #coerced into hosting #fraudulent certificates and then using them to act as #MITM. Perhaps a system of more reasonable compromises can exist, but I am not sure.
       
 (DIR) Post #AXFTT5t44HJUZ5hZFw by yoshir@lor.sh
       2023-06-30T15:54:16Z
       
       0 likes, 0 repeats
       
       Also, while the #CentralAuthority model can be abused, so can #DNS. I think something like I am siding with I2P more and more.
       
 (DIR) Post #AXFTT8a23Us6uvouVU by yoshir@lor.sh
       2023-06-30T17:27:23Z
       
       0 likes, 0 repeats
       
       I guess the server, upon establishing an encrypted but unverified connection, can give a list of servers that can vouch for it, then they can give their servers that can vouch for them, until either the client stumbles upon a server that was already verified or runs to the edge of the pool. But there is still the question of what to do with malicious servers that have gained trust.
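
The vouching walk described in the last post, sketched as an added example that is not part of the original thread: a breadth-first search from an unverified server through its vouchers until it reaches a certificate the client has already pinned. The host names, fingerprint strings and the `vouchers`/`attests` fields are constructed assumptions standing in for whatever each server would return over its unverified connection.

```python
from collections import deque

# Constructed sample data: what each host presents when the client connects.
# "fp" is the certificate fingerprint shown, "vouchers" the hosts it names,
# "attests" the fingerprints this host claims to have recorded for others.
NETWORK = {
    "new.example": {"fp": "fp-new", "vouchers": ["b.example", "c.example"],
                    "attests": {}},
    "b.example": {"fp": "fp-b", "vouchers": ["a.example"],
                  "attests": {"new.example": "fp-new"}},
    "c.example": {"fp": "fp-c", "vouchers": [],
                  "attests": {"new.example": "fp-other",
                              "island.example": "fp-i"}},
    "a.example": {"fp": "fp-a", "vouchers": [],
                  "attests": {"b.example": "fp-b"}},
    "island.example": {"fp": "fp-i", "vouchers": ["c.example"],
                       "attests": {}},
}

# The client's existing TOFU store: hosts it has already verified.
PINS = {"a.example": "fp-a"}


def find_vouch_chain(target, network, pins, max_hops=4):
    """Return the hosts from target to an already-pinned voucher, or None."""
    queue = deque([(target, [target])])
    seen = {target}
    while queue:
        host, path = queue.popleft()
        presented = network[host]["fp"]
        if pins.get(host) == presented:
            return path  # reached a server the client verified earlier
        if len(path) - 1 >= max_hops:
            continue  # bound the walk instead of crawling the whole pool
        for voucher in network[host]["vouchers"]:
            peer = network.get(voucher)
            if peer is None or voucher in seen:
                continue
            # Follow the link only if the voucher attests the exact
            # fingerprint this host just presented to us.
            if peer["attests"].get(host) == presented:
                seen.add(voucher)
                queue.append((voucher, path + [voucher]))
    return None  # ran to the edge of the pool without finding a pin


if __name__ == "__main__":
    print(find_vouch_chain("new.example", NETWORK, PINS))
    print(find_vouch_chain("island.example", NETWORK, PINS))
```

A swapped certificate fails the walk as long as no pinned host attests it. A pinned host that does attest the substituted fingerprint produces a valid-looking chain, which is the open question the post ends on.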