Does TOFU actually work?

[Rohan Kumar]

Warning: uninformed opinions follow; feedback welcome.

On Mon, Nov 30, 2020 at 09:51:01AM -0500, Jason McBrayer wrote:
>One option would be a 'certificate observatory', where various clients 
>around the world submit the fingerprints they receive for various 
>hosts. You can then compare the cert you receive with the consensus of 
>the observatory. This doesn't protect you from MITM, but it makes you 
>aware of it.

There are multiple solutions, each with different sets of flaws. An 
observatory's flaws don't necessarily signify that it's a bad idea; they 
could also signify that it shouldn't be out *only* idea.

An idea related to an observatory: I think that it would be awesome if 
crawlers like GUS saved certs and allowed people to search through them 
in a variety of ways or over a variety of protocols: Tor, i2p, 
downloading limited dump over bittorrent...I'm spitballing 
MITM-resistant protocols. I don't know the "best" ways to go about this 
while avoiding the negative privacy-related consequences of opening up 
the index, but offering cert-checking over multiple other MITM-resistent 
protocols could help vulnerable users who'd like to be extra careful 
during the first connection.

Hmm...Gemini-over-i2p actually sounds *awesome*, especially since the 
tiny footprint of Gemini pages could pair well with its speed loss.
/Seirdy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 898 bytes
Desc: not available
URL: <https://lists.orbitalfox.eu/archives/gemini/attachments/20201130/425ebff1/attachment.sig>