Re: "State of the Nat^W Misfin"

In: s/misfin

You mean that TOFU should be in both directions? Yes.

🚀 stack

2025-09-09 · 8 months ago

3 Later Comments ↓

⛄️ gim [OP] · 2025-09-09 at 19:04:

not that, it irritates me, that I can create cert with any hostname and just throw msgs.

I would expect server to at least friggin check if host that signed sender's cert actually has the same pub key as is in cert itself.

*edit*:

So at minimum I can spoof basically any host, in worst case, I can completely spoof sender. In general this makes me question the idea of using certs for this purpose at all...

I think I might do some longer write up.

🚀 stack · 2025-09-09 at 20:23:

All self-signed certs are good for is making sure that repeat connections are with the _same_ party. Assuming anything else is not good.

What's in the certificate or in the message is just words that someone types in.

⛄️ gim [OP] · 2025-09-09 at 20:49:

I think I just had bad luck with mentioned public instance.

I looked at estampa misfin server just a few minutes ago, and this one actually gets cert from the host set inside senders cert and uses that to verify senders cert (good/sane).

Still, that functionality should be a requirement, and not an optional feature.

🌒 s/misfin

⛄️ gim:

State of the Nat^W Misfin — I have just learned about something, that I find truly bizarre. Advanced Misfin servers may perform CA validation in addition to TOFU. In this scheme, upon receiving a message from a sender with an unrecognized host, the Misfin server may perform a single blank request to the sender's host, and store its certificate. That stored certificate can then be used to verify the certificates of senders purporting to be from that host. I'm baffled, as why is this is not a...

💬 4 comments · 2025-09-09 · 8 months ago