[tech] Integrity checks for Gemini pages
nervuri at disroot.org
Fri May 21 17:57:24 BST 2021
On Thu, 2021-05-20, nothien at uber.space wrote:
>Sorry, but that's just wrong. TLS already provides the mandatory
>close_notify signal (and there have been discussions about it before on
>this ML) for indicating that the complete text has been transferred.
We can't rely on close_notify, unfortunately. According to Lupa ,
"33.3 % of URLs do NOT send a proper TLS shutdown (application close).
Even 26.7 % of those who return status 20 are in that case."
>And every single authenticated encryption method provided with TLS
>ensures that the communicated data is the same at both ends - bit flips
>and the like are detected and such malformed packets are dropped
>appropriately. One of the mechanisms for this verification is Poly1305
>- check it out if you're interested in how and why these work.
You're referring to the transfer, but data may be corrupted server-side,
on disk or in RAM.
More information about the Gemini