Thoughts about TOFU and gemini URLs

I thought about an alternative way to provide some semblance of trust that a certificate was in fact created by the author of a capsule, without centralized points of authority: embedding fingerprints into gemini URLs in place of the userinfo component. This way the validity of a certificate would be determined not by luck or by capital, but by community consensus. It seems to me that it is much harder to modify not only every single certificate, but also to keep track of how they were modified.

But there is a flaw in this idea: TLS certificates are mandated to expire at some point. Sure, one could set them to expire at some absurd point in the future since there is no Certificate Authority to dictate its policy, but it seems dirty to me. Perhaps there is such a thing as perpetual X.509 certificates, or gemini could move to ssh (yeah, sure), or we could all agree to just ignore expiration in clients, but I am not sure which is better and if any of these choices are better than the status quo.

Originally posted on my blog

#gemini #TOFU #URL

🤖 Namno

Mar 24 · 9 months ago · 👍 clseibold
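As an added example (not code from the original post, nor from any existing Gemini client), here is what the proposal looks like in Python: a capsule author publishes a link with the certificate's SHA-256 fingerprint in the userinfo slot, and a client parses that link and checks the presented certificate against it, falling back to ordinary TOFU when the link carries no fingerprint. The userinfo convention, the function names and the sample DER byte strings are assumptions made for this example.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

GEMINI_DEFAULT_PORT = 1965
# Constructed stand-ins for DER-encoded certs; the pin is just SHA-256 over DER.
SAMPLE_CERT_DER = b"\x30\x82\x01\x00constructed-sample-not-a-real-certificate"
OTHER_CERT_DER = b"\x30\x82\x01\x00constructed-sample-after-a-key-rotation"

def fingerprint(der_cert):
    """Hex SHA-256 over the DER certificate, the usual Gemini TOFU pin."""
    return hashlib.sha256(der_cert).hexdigest()

def pinned_url(host, der_cert, path="/", port=GEMINI_DEFAULT_PORT):
    """Link a capsule author would publish: fingerprint in the userinfo slot."""
    netloc = fingerprint(der_cert) + "@" + host
    if port != GEMINI_DEFAULT_PORT:
        netloc += ":%d" % port
    return "gemini://" + netloc + path

def parse_pinned_url(url):
    """Return (fingerprint or None, host, port, path) for a gemini URL."""
    parts = urlsplit(url)
    if parts.scheme != "gemini" or not parts.hostname:
        raise ValueError("not a gemini URL with a host: %r" % url)
    fp = parts.username
    if fp is not None:
        fp = fp.lower()   # hex case is not significant; no 'user:pass' form allowed
        if len(fp) != 64 or set(fp) - set("0123456789abcdef") or parts.password:
            raise ValueError("userinfo is not a bare SHA-256 hex fingerprint")
    return fp, parts.hostname, parts.port or GEMINI_DEFAULT_PORT, parts.path or "/"

def check_pin(host, expected_fp, der_cert, tofu_store):
    """Accept or reject the presented certificate; returns (ok, reason).
    A fingerprint carried in the URL overrides the first-use store;
    without one, fall back to plain TOFU keyed on the host."""
    seen = fingerprint(der_cert)
    if expected_fp is not None:
        if hmac.compare_digest(seen, expected_fp):
            tofu_store[host] = seen   # the URL pin seeds or refreshes the store
            return True, "matches fingerprint carried in the URL"
        return False, "certificate does not match fingerprint in URL"
    pinned = tofu_store.get(host)
    if pinned is None:
        tofu_store[host] = seen
        return True, "first use: fingerprint recorded"
    if hmac.compare_digest(seen, pinned):
        return True, "matches fingerprint recorded on first use"
    return False, "certificate changed since first use"
```

Note that this only binds a link to one certificate; once that certificate expires or is rotated, every published link carrying the old fingerprint goes stale, which is exactly the flaw discussed above.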

5 Comments

🦋 CarloMonte · 2025-03-24 at 19:59:

What about certificate chaining: sign the next certificate with the soon-to-expire one? This would require some technical support of course, and probably timing on both sides, but would preserve the TOFU (if not simplicity). This of course does not cover the revocation use case.

🤖 Namno [OP] · 2025-03-24 at 20:06:

It could work. If the community settles on generous timing then you will still have some capsules that you can rebuild the web of trust from, although it wouldn't work with links on static pages.

🐙 norayr · 2025-03-25 at 00:02:

If we all could somehow create a web of trust, that would be a good experience also for other communities.

🦋 CarloMonte · 2025-03-25 at 06:08:

The web of trust (and the rest of PGP) appears to have failed the test of time on the usability aspect.

🤖 Namno [OP] · 2025-03-25 at 15:56:

@CarloMonte, I think the difference is that PGP is not hypertext.