
[tech] Integrity checks for Gemini pages

nervuri nervuri at disroot.org

Fri May 21 17:57:24 BST 2021

On Thu, 2021-05-20, nothien at uber.space wrote:

Sorry, but that's just wrong. TLS already provides the mandatory
close_notify signal (and there have been discussions about it before on
this ML) for indicating that the complete text has been transferred.

We can't rely on close_notify, unfortunately. According to Lupa [1], "33.3 % of URLs do NOT send a proper TLS shutdown (application close). Even 26.7 % of those who return status 20 are in that case."

[1] gemini://gemini.bortzmeyer.org/software/lupa/stats.gmi

And every single authenticated encryption method provided with TLS
ensures that the communicated data is the same at both ends - bit flips
and the like are detected and such malformed packets are dropped
appropriately. One of the mechanisms for this verification is Poly1305
- check it out if you're interested in how and why these work.

You're referring to the transfer, but data may be corrupted server-side, on disk or in RAM.
