Geminispace Community - Commune of 1
2025-03-25 - [54] 1:5
Uh oh... this is one of those "Geminispace posts about Geminispace"... I have at least 1 more of these kinds of posts I want to write at some point.
Last night I had read the post "Thoughts about TOFU and gemini URLs", linked below:
My post isn't here to bash that post, but I do want to mention one quote in here that made me realize what I want out of Gemini. Please understand that I am not trying to imply a position of this post author. I just noticed some words that made me think.
"This way validity of certificate would be determined not by luck or by capital, but by community consensus."
The key words here are "community consensus". In my opinion, Gemini SHOULD DEFINITELY allow for a "commune of 1", where if every other person stops using the Gemini protocol, I can still use it by myself.
Community
At the moment, the only requirements of creating a Gemini server are the ability to handle requests from Gemini clients over the Internet and TLS 1.2+. That's it. A domain name of course is certainly recommended and makes the TLS handling quite a lot easier. Having more than 1 person use Gemini is not a requirement and I believe it SHOULD NOT be a requirement at any point.
Community is a good thing for the internet in my opinion. The Gemini protocol SHOULD be used as a foundation by at least some people to build and foster communities, but the protocol itself should stay agnostic about whether any more than 0 or 1 person exists.
Quick Note on the Gemini Protocol
Very frequently, the pain point of the Gemini protocol seems to be TLS to one degree or another. Many folks have issues with how complicated TLS is compared to the rest of the Gemini protocol, creating quite a barrier to entry for a protocol that is supposed to be incredibly simple. Some folks find issue in TOFU (Trust On First Use) certificates. Others have experienced issues early on with their server TLS certificate, so they needed to make a new certificate, thus causing Gemini clients that have already visited their server to panic because the TLS certificate has changed.
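The certificate-change behaviour described above, as an added example that is not part of the original post and not taken from any particular Gemini client. The `TofuStore` class, its method names and the sample certificate bytes are hypothetical and constructed for illustration; the port default assumes Gemini's usual 1965.

```python
import hashlib
import hmac
import socket
import ssl


def fetch_der_cert(host: str, port: int = 1965, timeout: float = 10.0) -> bytes:
    """Return the server's leaf certificate (DER) without CA validation.

    TOFU clients skip the CA chain check on purpose: trust comes from the pin.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # Gemini requires TLS 1.2+
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


class TofuStore:
    """Hypothetical in-memory pin store: (host, port) -> SHA-256 of the DER cert."""

    def __init__(self):
        self.pins = {}

    def check(self, host: str, port: int, der_cert: bytes) -> str:
        key = (host.lower(), port)
        seen = hashlib.sha256(der_cert).hexdigest()
        pinned = self.pins.get(key)
        if pinned is None:
            self.pins[key] = seen          # first visit: trust and remember
            return "first-use"
        if hmac.compare_digest(pinned, seen):
            return "match"
        return "changed"                   # never overwrite the pin silently

    def repin(self, host: str, port: int, der_cert: bytes) -> None:
        """Replace the pin only after the user explicitly accepts the new cert."""
        self.pins[(host.lower(), port)] = hashlib.sha256(der_cert).hexdigest()


def demo() -> list:
    # Constructed stand-ins for DER certificates; real ones come from fetch_der_cert().
    old_cert, new_cert = b"constructed-cert-A", b"constructed-cert-B"
    store = TofuStore()
    results = [store.check("example.org", 1965, c) for c in (old_cert, old_cert, new_cert)]
    store.repin("example.org", 1965, new_cert)
    return results + [store.check("example.org", 1965, new_cert)]
```

A regenerated server certificate produces the "changed" result for every client that pinned the old one, and nothing in the pin itself tells the client whether the operator or someone else made the change.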
I personally have had issues with some clients not accepting TLS certificates that use newer cryptographic standards than RSA 4096. This will become an issue over time, as we haven't "finished" secure cryptography yet. I'll try to write a post about that at some point, especially for cryptographic algorithms and standards after TLS 1.3.
Contact/Reply
If you would like to reply to this post, feel free to send me an email.