Mercury

[Case Duckworth]

On Wed, Jun 24, 2020, at 11:14 AM, defdefred wrote:
> That the point about serving public data encrypted while every body can 
> request it?
> Example:
> - public domain book
> - weather (curl wttr.in/paris)
> - public news
> - governmental information
> - cute kitten videos
> - etc.
> 
> Optional PGP signature is enough to provide integrity.

If transmissions are sent in the clear, anyone in the middle (ISP, malicious actor) can modify any data, including a PGP signature (meaning a malicious actor could change the PGP signature to their PGP signature, then impersonate the person). TLS encrypts the *transmission* between the two endpoints, which is the only way to guarantee the message hasn't been tampered with.

> 
> Are you sure that TLS is safe?
> States are allowing communication they can't decipher?

I have no idea about this, but I defer to the experts who've designed and implemented the system. Besides, if a *state* wants to take you down, I'm not sure if there's anything you can meaningfully do. TLS is more like a lock on the door than a bunker.

> 
> From my point of view TLS is needed to manage personal data, but not 
> for all the geminispace.

Do you think the same of the web? HTTPS is nearly universal, and I'd say that's a good thing -- Wikipedia (to me, the definition of public information) redirects http requests to https automatically.

- Case