About document signing

[defdefred]

Hello,

I'm reading Gemini stuff for days now and I feel that the idea of a lighter and safer web is marvelous.

I must confess that TLS is a big issue for me.
I don't really trust TLS as company/states nowdays use TLS interception and we should consider TLS as broken.
Really secure application are now using end-to-end encryption at application level (protonmail, etc.).

Why not simply using GPG?

Signing all document at publication time (oneshoot computation) and serving gemini page with server/path/document.gmi + server/path/document.gpg could assure you that the original document is free of hacking and don't break minimalist gemini browser.

* This keep the phylosophy of serving data with only one connexion, the second for security purpose is optional.
* Keeping vital data (text) throughput requirement low is important to spread on network with low bandwidth and high latency.


Regards, K.I.S.S and Less is More :-)
freD.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - defdefred at protonmail.com - 0xF2B9981B.asc
Type: application/pgp-keys
Size: 1828 bytes
Desc: not available
URL: <https://lists.orbitalfox.eu/archives/gemini/attachments/20200518/f8e85cc8/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 477 bytes
Desc: OpenPGP digital signature
URL: <https://lists.orbitalfox.eu/archives/gemini/attachments/20200518/f8e85cc8/attachment.sig>