-- Leo's gemini proxy
-- Connecting to sdf.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini
27-04-2021
>Gemini uses TLS and it is common practice for Gemini clients to use self-signed certificates and TOFU.
>No dependency on centralized CAs.
>TOFU seems to work pretty well for SSH.
>AFAIK not many people actively verify host fingerprints on first use.
>It doesn't protect against MITM attacks on the first connection,
>but I wonder if that's not a case of better being the enemy of good to some extent?
Короче, ничто не мешает третьим лицам совершить MITM атаку при первом соединения пользователя с gemini-сервером.
-- Response ended
-- Page fetched on Mon May 27 18:19:38 2024