Comment by 🍭 jmjl
@Acidus Maybe also make this service make itself check the TLSA records if there are any, and if you build a Gemini client, make it check TLSA records of the validator every time they expire, and have it have TLSA records?
Yes, I realize it's not obligatory for you to set a TLSA record, but I guess this might be helpful if people like the idea.
2023-12-29 · 2 years ago
1 Later Comment
@jmjl That's a neat idea. I'm not too familiar with TLSA, DNSSEC, and DANE, but this is a chance to dig into them.
Original Post
New "Certificate and Key Validator" service to Kennedy — I added a "Certificate and Key Validator" service to Kennedy. This helps you figure out if a certificate/key change on a capsule is from an innocent change by the capsule owner, or a possible MITM attempt. Read me here: [gemini link] If I ever build a Gemini client, I would probably build something like this into it (with a preference to disable). As in, if you access a capsule and its cert/key is different, my client would check with...