2022-02-12 18:00:47 +00:00
# gemini-certificate-validation-demo-1
This is a minimal Gemini client capable of validating (self-signed)
certificates using the additional network perspective of a Tor exit node.
When the client encounters a new certificate for a host, it makes a second
TLS connection to the same host via Tor in order to obtain the host's
certificate from a second vantage point. The user is notified on a
certificate mismatch or on a connection failure.

This method should detect any local man-in-the-middle attack (one
originating from the same LAN, for instance) and should also offer
protection across a larger or smaller portion of the Internet, depending
on where the exit node sits in the network graph and how it resolves DNS.
Any attack will trigger an alert unless it affects both the user and the
exit node (whether it's a BGP hijack, a DNS compromise or anything else).

This validation method works best when the exit node is far from the
user's position. Users may configure Tor to select specific exit nodes
by setting
the [ExitNodes](https://2019.www.torproject.org/docs/tor-manual.html.en#ExitNodes)
and [StrictNodes](https://2019.www.torproject.org/docs/tor-manual.html.en#StrictNodes)
options in their `torrc` file. The `ExitNodes` option accepts
countries, IP address ranges and node fingerprints. For example, this
is how to select only exits located in France:

```
ExitNodes {fr}
StrictNodes 1
```

False alarms can be triggered by MITM attacks on the exit node's side.
And, obviously, validation cannot work for servers which block Tor.

Validated certificates are kept in memory for the duration of the
browsing session. Tor is assumed to be listening on localhost, port
9050.

This is a fork of Solderpunk's [minimal Gemini
client](https://tildegit.org/solderpunk/gemini-demo-1) written in
Python.
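The following is an added, stand-alone illustration of the validation flow described above; it is not the code of this repository or of Solderpunk's client. It fetches the server's leaf certificate directly, fetches it again through Tor's SOCKS5 port on `localhost:9050` (letting Tor resolve the hostname at the exit, so DNS is also observed from the second vantage point), compares SHA-256 fingerprints, and keeps validated fingerprints in an in-memory session cache. The function and variable names (`fetch_cert_der`, `socks5_connect`, `validate_certificate`, `check_host`) are this example's own choices, and the default Gemini port 1965 is assumed.

```python
import hashlib
import socket
import ssl
import sys

TOR_SOCKS = ("127.0.0.1", 9050)   # Tor's default SOCKS port, as assumed by the README
GEMINI_PORT = 1965                # default Gemini port (assumption of this example)


def fingerprint(der: bytes) -> str:
    """SHA-256 hex fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes (recv may return short reads)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("SOCKS5 proxy closed the connection")
        buf += chunk
    return buf


def socks5_connect(host: str, port: int, proxy=TOR_SOCKS, timeout=30) -> socket.socket:
    """Open a TCP connection to host:port through Tor's SOCKS5 port.
    The hostname is sent as a domain (ATYP 0x03) so Tor resolves it at the exit."""
    s = socket.create_connection(proxy, timeout=timeout)
    s.sendall(b"\x05\x01\x00")                       # version 5, one method: no auth
    if _recv_exact(s, 2) != b"\x05\x00":
        raise OSError("SOCKS5 handshake rejected")
    name = host.encode("idna")
    s.sendall(b"\x05\x01\x00\x03" + bytes([len(name)]) + name + port.to_bytes(2, "big"))
    ver, rep, _rsv, atyp = _recv_exact(s, 4)
    if ver != 5 or rep != 0:
        raise OSError(f"SOCKS5 connect failed (reply code {rep})")
    # Discard the bound address and port that follow the reply header.
    if atyp == 1:
        _recv_exact(s, 4 + 2)
    elif atyp == 3:
        _recv_exact(s, _recv_exact(s, 1)[0] + 2)
    elif atyp == 4:
        _recv_exact(s, 16 + 2)
    return s


def fetch_cert_der(host: str, port: int, sock: socket.socket = None, timeout=10) -> bytes:
    """TLS handshake on `sock` (or a fresh direct connection) and return the leaf cert.
    Gemini is TOFU-based, so chain verification is disabled; SNI is still sent."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    if sock is None:
        sock = socket.create_connection((host, port), timeout=timeout)
    with ctx.wrap_socket(sock, server_hostname=host) as tls:
        return tls.getpeercert(binary_form=True)


def validate_certificate(host, port, direct_der, cache, fetch_via_tor):
    """Core decision logic, kept network-free so it can be tested offline.
    `cache` maps (host, port) -> fingerprint validated earlier this session.
    `fetch_via_tor(host, port)` returns DER bytes or raises OSError.
    Returns (status, message) with status in {"ok", "mismatch", "unverified"}."""
    key = (host, port)
    fp = fingerprint(direct_der)
    if cache.get(key) == fp:
        return "ok", "certificate already validated this session"
    try:                               # new certificate for this host: ask the second vantage point
        tor_der = fetch_via_tor(host, port)
    except OSError as exc:
        return "unverified", f"could not obtain certificate via Tor: {exc}"
    tor_fp = fingerprint(tor_der)
    if tor_fp != fp:
        return "mismatch", f"direct view {fp[:16]} differs from Tor view {tor_fp[:16]}"
    cache[key] = fp
    return "ok", "certificate matches from both perspectives"


def check_host(host: str, port: int = GEMINI_PORT, cache: dict = None):
    """Full check against a live host: direct fetch, then Tor fetch only if needed."""
    cache = {} if cache is None else cache
    direct = fetch_cert_der(host, port)
    via_tor = lambda h, p: fetch_cert_der(h, p, sock=socks5_connect(h, p))
    return validate_certificate(host, port, direct, cache, via_tor)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "example.org"   # placeholder host
    status, msg = check_host(target)
    print(f"{target}: {status} ({msg})")
```

The decision logic is deliberately separated from the network code: `validate_certificate` is handed a fetch callback, so a cache hit never opens a Tor circuit, a Tor failure degrades to an explicit "unverified" rather than a silent pass, and the three outcomes can be exercised with constructed byte strings standing in for DER certificates.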