=> Re: "Is that's safe to use same identity certificate for..." | In: s/Gemini
@argenkiwi: for me the big realization was that, as a game/service provider, I can very easily keep track of users via certificates, with full encryption and totally authenticated (put not necesserily identified).
With the web, I would have to generate a session key and make sure it is sent back and forth without being forged.
It's great for games, as authentic identities of users are not important, but I have a guarantee that if I see a certificate I've seen before, it's the same user.
=> 馃殌 stack
Jan 13 路 7 days ago
=> 馃惛 HanzBrix 路 Jan 13 at 07:24:
We also need to keep in mind, at least when we are talking security wise, I have never actually heard of anyone who has gotten their cert/keys stolen.
It happens on servers, sure, but they are always online and running software that can have a myriad of vulnerabilities.
People forget that the access required to steal a cert/key, means you already have an attacker on your local system. At which point your cert/key is the least of your problems.
=> 馃寬 s/Gemini
Is that's safe to use same identity certificate for different services? Usually, asymmetric encryption means I share data signed with own private key + remote public key. Don't remember where exactly but saw the recommendation to use different certs for different hosts in Geminispace. Maybe that's because of privacy reasons only..
=> 馃挰 ps 路 17 comments 路 Jan 12 路 7 days ago This content has been proxied by September (ba2dc).Proxy Information
text/gemini; charset=utf-8