undefined | Better HN

0 pointsjumpyjumps2y ago0 comments

If it's self signed and TOFU you can't be sure there was no proxy in the middle on first use though.

0 comments

Self signed != inherently insecure. If you have the public key, verified it, and you want to make sure that you're getting content directly from the server, you can do just that. It's just not got a chain of trust with root certs that are built into the browser.

jumpyjumpsOP2y ago

My point is how do you get the public key if you can't trust what has been published? You can't trust the gemini site, you'd have to use another protocol, such as HTTPS signed by a CA in order to verify the public key you are being given was actually signed by the author and not someone in the middle rewriting the authors gemini content.

j / k navigate · click thread line to collapse

0 comments

junon2y ago

jumpyjumpsOP2y ago

j / k navigate · click thread line to collapse