Commit 38c2f252 authored by nervuri

perspective-based certificate validation demo

parent 5db7fc6d
Pipeline #473636977 passed with stage in 16 seconds
# Perspective-based certificate validation demo
I wrote a tiny demo of perspective-based certificate validation, using Tor to check a desired host's certificate from an additional vantage point:
=> https://tildegit.org/nervuri/gemini-certificate-validation-demo-1
Specifically, I added [this code] to Solderpunk's 100-line Gemini client written in Python, enabling it to validate self-signed certificates. It should be enough to spot most MITM attacks. See the README for details.
=> https://tildegit.org/nervuri/gemini-certificate-validation-demo-1/commit/06a52879a85b71e40881493ea465dd6d2acd1544 [this code]
Perspective-based validation complements TOFU nicely. We can keep relying on self-signed certs *and* have decent MITM protection without requiring capsule admins to do anything differently. It is fundamentally what CAs do, after all:
=> https://letsencrypt.org/2020/02/19/multi-perspective-validation.html
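Review bot: The sentence "It should be enough to spot most MITM attacks" claims more than one extra vantage point supports, and the post should state the scope. A direct connection and a Tor connection both cross the network segment nearest the server, so an interceptor there presents the same certificate to both and the comparison agrees; the check catches interception near the client. Suggest wording such as "most MITM attacks close to the client" and a short note that matching views show consistency, not that the certificate is the capsule's own. The "what CAs do" line could also say that the linked Let's Encrypt post is about validating domain control from several vantage points, which is related to but not the same as comparing presented certificates.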
# nervuri - journal
=> 2022-01-17_gemini-archive.gmi 2021-01-17 - Gemini archive
=> 2022-02-17_tls-perspective-validation-demo.gmi 2022-02-17 - Perspective-based certificate validation demo
=> 2022-01-17_gemini-archive.gmi 2022-01-17 - Gemini archive
=> 2021-03-10_plain-text-steganography.gmi 2021-03-10 - Zero-width characters and tracking via pasted text
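Review bot: The two index lines for 2022-01-17_gemini-archive.gmi differ only in the label year, "2021-01-17 - Gemini archive" versus "2022-01-17 - Gemini archive", and the file name agrees with 2022. If this is a correction of the old label, it is unrelated to the new post and the commit message "perspective-based certificate validation demo" does not mention it; suggest a separate commit or an extra line in the message. If both lines are meant to stay in the index, the 2021-01-17 one should be dropped so the entry is not listed twice.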