gemini-certificate-validati.../README.md

# gemini-certificate-validation-demo-1

Minimal Gemini client capable of (self-signed) certificate validation
using the additional network perspective of a Tor exit node.

When the client encounters a new TLS certificate for a host, it connects
to that same host via Tor, in order to obtain its certificate from a
second vantage point.  The user is notified on certificate mismatch or
connection failure.

Any MITM attack (whether enabled by BGP hijack, DNS compromise or
whatever else) will trigger an alert unless it affects both the user and
the exit node at the same time.  As such, this validation method works
best when the exit node and the user are far apart and are not using the
same DNS resolver.

Users may configure Tor to select specific exit nodes by setting
the [ExitNodes](https://2019.www.torproject.org/docs/tor-manual.html.en#ExitNodes)
and [StrictNodes](https://2019.www.torproject.org/docs/tor-manual.html.en#StrictNodes)
options in their `torrc` file.  The `ExitNodes` option accepts
countries, IP address ranges and node fingerprints.  For example, this
is how to only select exits located in France:

```
ExitNodes {fr}
StrictNodes 1
```

False alarms can be triggered by attacks on the exit node's end.
And, obviously, validation does not work for servers which block Tor.

Validated certificates are kept in memory for the duration of the
browsing session.  Tor is assumed to be listening on localhost, port
9050.

This is a fork of Solderpunk's [minimal Gemini
client](https://tildegit.org/solderpunk/gemini-demo-1) written in
Python.
Update README. 2022-02-12 18:00:47 +00:00			`# gemini-certificate-validation-demo-1`

Clarify README. 2022-02-17 18:20:22 +00:00			`Minimal Gemini client capable of (self-signed) certificate validation`
			`using the additional network perspective of a Tor exit node.`

			`When the client encounters a new TLS certificate for a host, it connects`
			`to that same host via Tor, in order to obtain its certificate from a`
			`second vantage point. The user is notified on certificate mismatch or`
			`connection failure.`

			`Any MITM attack (whether enabled by BGP hijack, DNS compromise or`
			`whatever else) will trigger an alert unless it affects both the user and`
			`the exit node at the same time. As such, this validation method works`
			`best when the exit node and the user are far apart and are not using the`
			`same DNS resolver.`

			`Users may configure Tor to select specific exit nodes by setting`
Update README. 2022-02-12 18:00:47 +00:00			`the [ExitNodes](https://2019.www.torproject.org/docs/tor-manual.html.en#ExitNodes)`
			`and [StrictNodes](https://2019.www.torproject.org/docs/tor-manual.html.en#StrictNodes)`
			options in their `torrc` file. The `ExitNodes` option accepts
			`countries, IP address ranges and node fingerprints. For example, this`
			`is how to only select exits located in France:`

			```
			`ExitNodes {fr}`
			`StrictNodes 1`
			```

Clarify README. 2022-02-17 18:20:22 +00:00			`False alarms can be triggered by attacks on the exit node's end.`
Update README. 2022-02-12 18:00:47 +00:00			`And, obviously, validation does not work for servers which block Tor.`

			`Validated certificates are kept in memory for the duration of the`
			`browsing session. Tor is assumed to be listening on localhost, port`
			`9050.`

			`This is a fork of Solderpunk's [minimal Gemini`
			`client](https://tildegit.org/solderpunk/gemini-demo-1) written in`
			`Python.`