=> Re: "Enhancing Gemini’s TOFU Model with Convergence: A Proposal..." | In: s/Gemini
Is there a spec for this Convergence scheme? From the information in the links, I expect that it's too complicated to have a chance of being adopted by gemini developers (and the same probably goes even for the simplest notary schemes).
=> 🚀 mbays
2024-11-05 · 3 months ago
I did find Moxie's criticisms of DANE in the second link interesting, by the way.
=> ☕️ tenno-seremel · Nov 06 at 07:28:
@daruma Because otherwise an ISP can MitM you and censor or add any data (which you’d think comes from someone else’s mouth), or feed your system a 0-day exploit to monitor you better. Although I don’t think the thing that OP suggests is a solution I’d want.
=> 🌒 s/Gemini
Enhancing Gemini’s TOFU Model with Convergence: A Proposal for Decentralized, Collaborative Certificate Validation — The Gemini protocol’s minimalist, privacy-focused design is a refreshing alternative to the traditional, often bloated web. Its reliance on Trust on First Use (TOFU) brings much-needed decentralization and reduces dependence on Certificate Authorities (CAs). However, as Daniel Stenberg and others have pointed out, TOFU has inherent vulnerabilities. Specifically, it requires users...
=> 💬 LooseCannon · 8 comments · 1 like · 2024-11-04 · 3 months ago This content has been proxied by September (3851b).Proxy Information
text/gemini; charset=utf-8