Comment by 👻 ps

Re: "Until the Misfin protocol is developed (I have found at..."
In: s/misfin

@clseibold, in my case, there is no one in the middle because I'm using an encrypted tunnel interface, but I still MUST use TLS to interact with the destination, which is already owned by the recipient.

👻 ps [OP]

Jun 26 · 6 months ago

3 Later Comments ↓

🚀 clseibold [🛂] · Jun 27 at 01:46:

@ps Right, that's because the protocol doesn't specify anything for tunnels that already have encryption. With QUIC, you can use x509 certs in QUIC itself, and so the protocol doesn't need to specify anything really to work over QUIC. But if we're dealing with tunnels or other encryption methods, then the spec would have to specify how x509 client certs are dealt with.

It's just easier to define your protocol to work over TLS or QUIC, or other wire protocols that use x509 certs, though.

Btw, a lot of people are generally overestimating the weight of TLS 1.3 and QUIC, imo. They are both very lightweight, afaik.

🚀 clseibold [🛂] · Jun 27 at 01:53:

@ps Also, here's a page about why Tor sites would still use HTTPS instead of just HTTP: https://onionservices.torproject.org/research/proposals/usability/certificates/

A lot of this also pretty much applies to other networks, like i2p and yggdrasil, imo.

🚀 clseibold [🛂] · Jun 27 at 01:57:

@ps One more thing. In misfin, mailbox certificates actually don't need to be stored on the misfin server. You can create a certificate signing request (CSR) for the misfin server on mailbox creation, and the private key of the mailbox cert never has to leave a person's local computer.

Nobody does it this way *because* there are no GUI misfin clients, lmao. So our "misfin clients" are implemented on the misfin server atm using a Gemini client (basically the equivalent of webmail, but for Gemini; e.g., skylab, or in my misfin-server, or @gemalaya's misfin server). These "Geminimail" misfin clients have to be able to send using a mailbox's private key, and so that's the only reason you would store your misfin mailbox private key on a misfin server.

Hopefully this makes sense.
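The CSR-based enrolment described in the comment above, written out as an added example (Go, standard library only). This is not code from the thread, from misfin-server, or from any misfin implementation, and it makes two assumptions of its own: the mailbox address is carried in the CSR's CommonName, and the server refuses to sign addresses outside its own domain. The names `Mailbox`, `Server`, `Sign`, `Install` and `Enroll` are this example's, not the protocol's. The point it demonstrates is the one in the comment: the private key is generated and kept on the user's side; only the CSR goes to the server, and only the signed certificate comes back. The server also verifies the CSR's self-signature (proof of possession), and the user verifies that the returned certificate is for their key and chains to the server's CA before trusting it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"strings"
	"time"
)

// Mailbox is the user's side: the key pair is generated here and the private key never leaves it.
type Mailbox struct {
	key  *ecdsa.PrivateKey // only the CSR derived from it is sent to the server
	Cert *x509.Certificate // set once the server-signed certificate has been checked
}

// NewMailbox generates the key locally and returns a DER-encoded CSR for the server.
// Placing the address in the CN is this example's assumption, not something the misfin spec says here.
func NewMailbox(address string) (*Mailbox, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, nil, err }
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: address}}
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil { return nil, nil, err }
	return &Mailbox{key: key}, csrDER, nil
}

// Server holds the CA key the misfin server uses to sign mailbox certificates.
type Server struct {
	Domain string
	caKey  *ecdsa.PrivateKey
	CACert *x509.Certificate
}

// NewServer creates a self-signed CA certificate for the server's domain.
func NewServer(domain string) (*Server, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: domain},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return nil, err }
	cert, err := x509.ParseCertificate(der)
	if err != nil { return nil, err }
	return &Server{Domain: domain, caKey: key, CACert: cert}, nil
}

// Sign is the server's half: check proof of possession (the CSR must be signed by the key
// it carries), refuse addresses not hosted here, then issue a client-auth leaf certificate.
func (s *Server) Sign(csrDER []byte) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil { return nil, err }
	if err := csr.CheckSignature(); err != nil { return nil, err }
	if !strings.HasSuffix(csr.Subject.CommonName, "@"+s.Domain) {
		return nil, errors.New("requested address is not hosted on this server")
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      csr.Subject,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, s.CACert, csr.PublicKey, s.caKey)
}

// Install is the user's check on what came back: the certificate must carry our own
// public key and chain to the server's CA, otherwise it is rejected.
func (m *Mailbox) Install(certDER []byte, ca *x509.Certificate) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil { return err }
	if !m.key.PublicKey.Equal(cert.PublicKey) { return errors.New("certificate is for a different key") }
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil { return err }
	m.Cert = cert
	return nil
}

// Enroll runs the whole exchange; only csrDER and certDER would ever cross the wire.
func Enroll(address string, srv *Server) (*Mailbox, error) {
	mb, csrDER, err := NewMailbox(address)
	if err != nil { return nil, err }
	certDER, err := srv.Sign(csrDER)
	if err != nil { return nil, err }
	if err := mb.Install(certDER, srv.CACert); err != nil { return nil, err }
	return mb, nil
}
```

After `Enroll` returns, `Mailbox.key` together with `Mailbox.Cert` is exactly what a local client would load into `tls.Config.Certificates` to present as its client certificate over TLS or QUIC, which is the setup the earlier comments describe; a server-side "Geminimail" client cannot do this, because it would need the private key, which in this flow it never receives. The domain check in `Sign` is there so that one server cannot be tricked into issuing certificates for addresses on another server.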

Original Post

🌒 s/misfin

Until the Misfin protocol is developed (I have found at least three editions), I would like to raise the question about the TLS requirement for all connections. In short, the main point is described here: [gemini link] Personally, I'm using encrypted IPv6 mesh networks like Yggdrasil, and I really don't want any external TLS layer. Maybe it's time to care about it now rather than later?)

💬 ps · 15 comments · 2 likes · Jun 26 · 6 months ago