[tech] Integrity checks for Gemini pages

nervuri nervuri at disroot.org
Fri May 21 17:57:24 BST 2021

On Thu, 2021-05-20, nothien at uber.space wrote:
>Sorry, but that's just wrong.  TLS already provides the mandatory
>close_notify signal (and there have been discussions about it before on
>this ML) for indicating that the complete text has been transferred.

We can't rely on close_notify, unfortunately.  According to Lupa [1],
"33.3 % of URLs do NOT send a proper TLS shutdown (application close).
Even 26.7 % of those who return status 20 are in that case."

[1] gemini://gemini.bortzmeyer.org/software/lupa/stats.gmi

>And every single authenticated encryption method provided with TLS
>ensures that the communicated data is the same at both ends - bit flips
>and the like are detected and such malformed packets are dropped
>appropriately.  One of the mechanisms for this verification is Poly1305
>- check it out if you're interested in how and why these work.

You're referring to the transfer, but data may be corrupted server-side,
on disk or in RAM.

More information about the Gemini mailing list