FBXL Social

I wonder if I could configure my browser to accept self-signed certificates?

Would have to be with a very noticeable warning. Other than that, it could use TOFU like Gemini.

@m0xee TIL that Firefox does that. Chromium as well?

@m0xee More websites in the software freedom focussed nerdosphere should use self-signed certs and rely on TOFU like Gemini does.

You don't need permission from a certificate authority then, much more independent.

@m0xee Sure, Let's Encrypt gives certificates to almost everyone. But it's better to be actually self-sufficient if you ask me.
How much vetting does Let's Encrypt do anyway? AFAIK not much.

@m0xee Does the warning look the same as an error?
Should be one colour (say, red) for errors and another (say, yellow) for self-signed. Sort of like the way Pixel bootloaders show green for official OS and yellow for unofficial but red for an error (IIRC).

@lnxw37b2 TOFU should be enough for many websites IMO

@feld Not what I mean. See https://social.fbxl.net/notice/Alo6RCar9qdLklpFA0 . I mean for public use.

Also, other kinds of TLS-enabled services. Like XMPP and Mumble.

Every application should support certificate pinning.

Doesn't PGP do that with revocation certificates?
Why can't TLS do the same thing?

@m0xee Okay, that's interesting. I tend to use Chromium though because I've heard it has better sandboxing.

@m0xee @feld I'm not a Rust programmer (or any sort of programmer at all really), but that doesn't look too bad to me. You just have to tell it explicitly "I want to do this dangerous thing". Isn't that the Rust ethos?

@m0xee @feld That's kind of what I'm getting at. The stakes are lower in Gemini. But also, the stakes are lower with decorative/fun personal websites or casual forums/social media/boards. Or, potentially, anything that already has end-to-end crypto.