2022-02-12 18:00:47 +00:00
# gemini-certificate-validation-demo-1

Minimal Gemini client capable of (self-signed) certificate validation
using the additional network perspective of a Tor exit node.

When the client encounters a new TLS certificate for a host, it connects
to that same host via Tor, in order to obtain the certificate the host
presents from a second vantage point. The user is notified when the two
certificates do not match or when the connection through Tor fails.
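
The check described above, as an added example that is not the demo client's own code: a direct TLS handshake yields the certificate the user sees, a second handshake through Tor's SOCKS5 port (the README's localhost:9050 assumption) yields the exit node's view, the two SHA-256 fingerprints are compared, and certificates that pass are remembered in memory for the session. The function, class and outcome names are this example's own, and the network calls are only made from the `__main__` block, so the decision logic can be exercised offline with constructed stand-in certificate bytes.

```python
# Added example, not the demo client's own code: fetch a Gemini host's TLS cert
# directly and again through Tor, compare, and remember what passed for the session.
import hashlib
import socket
import ssl
import struct
from urllib.parse import urlparse

GEMINI_PORT = 1965
TOR_SOCKS = ("127.0.0.1", 9050)  # README's assumption: Tor listening on localhost:9050

# Outcomes reported to the user (names are this example's own).
VALIDATED = "validated"      # the exit saw the same certificate; remembered for the session
KNOWN = "known"              # already validated earlier in this session
MISMATCH = "mismatch"        # the exit saw a different certificate: possible MITM
UNREACHABLE = "unreachable"  # the host could not be reached via Tor (blocked, exit trouble)

def _recv_exact(sock, n):
    """Read exactly n bytes; recv() is allowed to return short reads."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("SOCKS5 proxy closed the connection")
        buf += chunk
    return buf

def socks5_connect(host, port, proxy=TOR_SOCKS, timeout=60):
    """TCP-connect to host:port through a SOCKS5 proxy (RFC 1928), i.e. Tor.
    The target is sent as a domain name (ATYP 0x03) so it is resolved at the
    Tor exit rather than through the user's own DNS resolver."""
    s = socket.create_connection(proxy, timeout=timeout)
    s.sendall(b"\x05\x01\x00")  # VER=5, one method offered: no authentication
    ver, method = _recv_exact(s, 2)
    if ver != 5 or method != 0:
        raise OSError("SOCKS5 proxy refused the no-auth method")
    name = host.encode("idna")
    s.sendall(b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port))
    ver, rep, _rsv, atyp = _recv_exact(s, 4)
    if ver != 5 or rep != 0:
        raise OSError(f"SOCKS5 CONNECT failed with reply code {rep}")
    # Drain BND.ADDR and BND.PORT so the stream starts at the target's first byte.
    if atyp in (1, 4):
        _recv_exact(s, (4 if atyp == 1 else 16) + 2)
    elif atyp == 3:
        _recv_exact(s, _recv_exact(s, 1)[0] + 2)
    else:
        raise OSError(f"SOCKS5 reply with unknown ATYP {atyp}")
    return s

def fetch_leaf_cert(host, port=GEMINI_PORT, via_tor=False):
    """Handshake with host:port and return the server's leaf certificate (DER).
    Chain verification is deliberately off: Gemini servers are mostly self-signed,
    and the trust decision is "does the exit see the same cert?", not a CA's word."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socks5_connect(host, port) if via_tor else socket.create_connection((host, port), timeout=60)
    with ctx.wrap_socket(raw, server_hostname=host) as tls:  # SNI still sent
        return tls.getpeercert(binary_form=True)

def fingerprint(der):
    """SHA-256 over the DER bytes, the usual TOFU identity for a Gemini cert."""
    return hashlib.sha256(der).hexdigest()

class SessionValidator:
    """Remembers certificates that passed the cross-check, in memory only."""

    def __init__(self, fetch=fetch_leaf_cert):
        self._known = {}     # (host, port) -> fingerprint validated this session
        self._fetch = fetch  # injectable so the Tor path can be stood in for offline

    def check(self, host, port, direct_der):
        """Classify the certificate seen on the direct connection."""
        fp = fingerprint(direct_der)
        if self._known.get((host, port)) == fp:
            return KNOWN
        try:
            tor_der = self._fetch(host, port, via_tor=True)
        except OSError:
            return UNREACHABLE
        if fingerprint(tor_der) != fp:
            return MISMATCH  # never cached: the next request is cross-checked again
        self._known[(host, port)] = fp
        return VALIDATED

if __name__ == "__main__":
    import sys
    if len(sys.argv) != 2:
        sys.exit("usage: python crosscheck.py gemini://host[:port]/")
    url = urlparse(sys.argv[1])
    host, port = url.hostname, url.port or GEMINI_PORT
    der = fetch_leaf_cert(host, port)
    print(host, fingerprint(der), SessionValidator().check(host, port, der))
```

Run it as `python crosscheck.py gemini://example.org/` (a hypothetical host) with a Tor daemon listening on 127.0.0.1:9050. Two design points worth keeping in any real implementation: the Tor-side connection passes the hostname to the SOCKS proxy rather than an address resolved locally, otherwise a poisoned local resolver would steer both vantage points to the same impostor; and a mismatching certificate is never cached, so every further request to that host is cross-checked again rather than silently trusted.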

Any MITM attack (whether enabled by BGP hijack, DNS compromise or
whatever else) will trigger an alert unless it affects both the user's
connection and the exit node's connection at the same time, as an
attacker positioned on the server's side of the network would. As such,
this validation method works best when the exit node and the user are
far apart and are not using the same DNS resolver.

Users may configure Tor to select specific exit nodes by setting
the [ExitNodes](https://2019.www.torproject.org/docs/tor-manual.html.en#ExitNodes)
and [StrictNodes](https://2019.www.torproject.org/docs/tor-manual.html.en#StrictNodes)
options in their `torrc` file. The `ExitNodes` option accepts
country codes, IP address ranges and node fingerprints. For example, this
is how to only select exits located in France:

```
ExitNodes {fr}
StrictNodes 1
```

False alarms can be triggered by attacks on the exit node's end, since
the client cannot tell which of the two views is the tampered one. And,
obviously, validation does not work for servers which block Tor exits:
those show up as connection failures.

Validated certificates are kept in memory for the duration of the
browsing session, so a host is cross-checked once per session unless it
presents a different certificate. Tor is assumed to be listening on
localhost, port 9050 (the tor daemon's default `SocksPort`).

This is a fork of Solderpunk's [minimal Gemini client](https://tildegit.org/solderpunk/gemini-demo-1)
written in Python.