Comment by 🐸 HanzBrix

=> Re: "Is that's safe to use same identity certificate for..." | In: s/Gemini

An identity certificate per service would be overkill. Encryption runs separately over TLS; the identity certificate is just a way to have a "state", as Gemini is otherwise "stateless".

If need be, you could have one identity for public facing, one for games and so on. Even that might be overkill, as losing your key almost necessitates someone having extended access to your device with the key.

=> 🐸 HanzBrix

Jan 12 · 7 days ago

=> 🚀 stack · Jan 12 at 21:23:

Is it in any way damaging to have your identity be connected across multiple sites? That is up to you to decide.

Just keep in mind that every site you connect to with a certificate may be logging it (along with your IP address and other data), and at some time in the future, some overreaching group or authority may get a hold of these logs. That would retroactively connect you with 100% certainty across these sites, tying all the available information across sites to you, and possibly deanonymizing you.

In practical terms, it does not matter to most people who use the same certificate to say, play games on Gemini.

=> 👻 darkghost · Jan 12 at 22:17:

No one can know my farkle score. Especially not the three letter agencies.

=> 🗿 argenkiwi · Jan 12 at 22:22:

I was wondering how to use my account from multiple devices as well. I can see Bubble allows you to set a temporary password to add multiple certificates to the same account. I was going to just copy the certificate over, but I think I'll try this instead.

=> 🚀 stack · Jan 12 at 22:43:

@argenkiwi -- that doesn't accomplish much, since all those certifs will be tied to the same identity by the only people who can see them...

=> 🚀 stack · Jan 12 at 22:45:

@darkghost -- you will be sorry when someone tries to assassinate @gritty for making them farkle out, and your identity is the only lead in the investigation!

=> 🗿 argenkiwi · Jan 12 at 23:05:

@stack In terms of identity protection? Yeah, that's true. Would it help retain ownership of an account if one of the certificates got compromised?

=> 🚀 stack · Jan 12 at 23:44:

@argenkiwi: true, but if you are safeguarding a valuable property, losing one of several keys to a determined opponent gives them a chance to take over and change the locks or just take what they need.

If your concern is just being able to get into Bubble after reinstalling Windows, then having another machine with a working certif is helpful. However, how does it help to have two different certificates?

=> 🗿 argenkiwi · Jan 12 at 23:50:

@stack Never Windows! XD Although it does illustrate the case in which a device is lost or stolen and you want to ensure the certificate is no longer used. I cannot think of any other reason it would be useful.

=> 🚀 stack · Jan 12 at 23:55:

@argenkiwi, still. If you had the same certificate on another (linux) machine, how would it be different? You would log in with the same compromised certificate and install a new one, if the opponent hadn't beaten you and locked you out.

With a different certificate you would also log in and revoke the bad certif if the opponent hadn't beaten you to it and locked you out.

I can't see the advantage.

=> 🚀 stack · Jan 12 at 23:59:

And if there is no opponent, does it matter, except with one certif you have nothing to do, but with two, you still have to revoke the lost one since you no longer have the private key...

=> 🗿 argenkiwi · Jan 12 at 23:59:

@stack, I understand. It is not bulletproof. Only if you act fast and remove the certificate from the account before the attacker uses it would you be safe. If the alternative is to have only one, wouldn't you still have to be quick enough to create a new certificate, add it and revoke the compromised one in order to save the account?

=> 🚀 stack · Jan 13 at 00:03:

Oh, I see. Yes it will cost you the time to create a new certif, login, revoke the old certif and install the new certif, vs. logging in and just revoking the old one. If you can still get in.

It is a small win.

=> 🗿 argenkiwi · Jan 13 at 00:17:

Yeah, not a great improvement, but if it is something you would still need to do, you may as well do it in advance. The measures you take to protect the certificates are what will make a more significant difference overall.

Thanks for the discussion @stack, I've only started to get my head around identities in the context of Gemini and it has given me a better mental picture of what is achievable and what isn't.

=> 🚀 stack · Jan 13 at 00:33:

@argenkiwi: for me the big realization was that, as a game/service provider, I can very easily keep track of users via certificates, with full encryption and totally authenticated (but not necessarily identified).

With the web, I would have to generate a session key and make sure it is sent back and forth without being forged.

It's great for games, as authentic identities of users are not important, but I have a guarantee that if I see a certificate I've seen before, it's the same user.
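
Added illustration, not code from this thread, from Bubble or from any Gemini server: a Python sketch of the server-side model stack describes and that argenkiwi and stack debate above, where the SHA-256 fingerprint of the client certificate is the identity, an account may own several certificates, a second device is attached with a one-time code (a stand-in for Bubble's temporary password, not its real mechanism), and a lost device's certificate is revoked by another one still bound to the account. The certificate bytes, account names and class are constructed for the example.

```python
import hashlib
import secrets

# Constructed stand-ins for DER client certificates (a real server reads them from TLS).
LAPTOP_CERT = b"constructed DER bytes: argenkiwi laptop"
PHONE_CERT = b"constructed DER bytes: argenkiwi phone"


def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER bytes is all a server needs to recognise a returning user."""
    return hashlib.sha256(der).hexdigest()


class AccountStore:
    """Accounts that may own several certificates, so a lost device can be revoked from another."""

    def __init__(self):
        self.owner_of = {}    # fingerprint -> account name
        self.certs_of = {}    # account name -> set of fingerprints
        self.link_codes = {}  # one-time code -> account name

    def register(self, account, der):
        fp = fingerprint(der)
        if fp in self.owner_of:
            raise ValueError("certificate already bound to an account")
        self.owner_of[fp] = account
        self.certs_of.setdefault(account, set()).add(fp)

    def identify(self, der):
        """Account presenting this certificate, or None if unknown."""
        return self.owner_of.get(fingerprint(der))

    def issue_link_code(self, der):
        """An authenticated certificate mints a one-time code a second device redeems."""
        account = self.identify(der)
        if account is None:
            raise PermissionError("unknown certificate")
        code = secrets.token_urlsafe(8)
        self.link_codes[code] = account
        return code

    def link(self, code, new_der):
        self.register(self.link_codes.pop(code), new_der)  # code is single use

    def revoke(self, der, lost_fp):
        """Only a certificate still bound to the account may revoke another of its certificates."""
        account = self.identify(der)
        if account is None or lost_fp not in self.certs_of[account]:
            raise PermissionError("not allowed to revoke that certificate")
        self.certs_of[account].discard(lost_fp)
        del self.owner_of[lost_fp]
```

The same fingerprint presented at two capsules is what makes cross-site linking trivial for whoever holds both logs, which is the privacy point stack raises earlier in the thread.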

=> 🐸 HanzBrix · Jan 13 at 07:24:

We also need to keep in mind, at least when we are talking security-wise, I have never actually heard of anyone who has gotten their cert/keys stolen.

It happens on servers, sure, but they are always online and running software that can have a myriad of vulnerabilities.

People forget that the access required to steal a cert/key means you already have an attacker on your local system. At which point your cert/key is the least of your problems.

Original Post

=> 🌒 s/Gemini

Is it safe to use the same identity certificate for different services? Usually, asymmetric encryption means I share data signed with my own private key + the remote public key. I don't remember where exactly, but I saw the recommendation to use different certs for different hosts in Geminispace. Maybe that's because of privacy reasons only.

=> 💬 ps · 17 comments · Jan 12 · 7 days ago
