27-04-2021

>Gemini uses TLS and it is common practice for Gemini clients to use self-signed certificates and TOFU.

>No dependency on centralized CAs.

>TOFU seems to work pretty well for SSH.

>AFAIK not many people actively verify host fingerprints on first use.

>It doesn't protect against MITM attacks on the first connection,

>but I wonder if that's not a case of better being the enemy of good to some extent?

Короче, ничто не мешает третьим лицам совершить MITM атаку при первом соединения пользователя с gemini-сервером.