27-04-2021
>Gemini uses TLS and it is common practice for Gemini clients to use self-signed certificates and TOFU.
>No dependency on centralized CAs.
>TOFU seems to work pretty well for SSH.
>AFAIK not many people actively verify host fingerprints on first use.
>It doesn't protect against MITM attacks on the first connection,
>but I wonder if that's not a case of better being the enemy of good to some extent?
In short, nothing stops a third party from carrying out a MITM attack on the user's first connection to a Gemini server.
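The first-connection window described above, as an added example that is not part of the original post: a minimal TOFU pin store of the kind a Gemini client keeps, modelled on SSH's known_hosts. The certificate bytes and the JSON file name are constructed placeholders; the host sdf.org and port 1965 (Gemini's default port) are assumed for the walkthrough.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, hex encoded."""
    return hashlib.sha256(cert_der).hexdigest()


class TofuStore:
    """Maps 'host:port' -> pinned certificate fingerprint, persisted as JSON."""

    def __init__(self, path: Path):
        self.path = path
        self.pins = json.loads(path.read_text()) if path.exists() else {}

    def check(self, host: str, port: int, cert_der: bytes) -> str:
        """Return 'first-use', 'match' or 'mismatch' for the presented cert.

        'first-use' pins whatever certificate is presented, unconditionally:
        this is the exposure the post describes. An attacker in the path on
        the very first connection gets pinned instead of the real server, and
        every later visit to the genuine server then reports 'mismatch'.
        """
        key = f"{host}:{port}"
        fp = fingerprint(cert_der)
        pinned = self.pins.get(key)
        if pinned is None:
            self.pins[key] = fp
            self.path.write_text(json.dumps(self.pins, indent=2))
            return "first-use"
        # On mismatch a client should refuse to proceed and show both
        # fingerprints, the same way ssh does for a changed host key.
        return "match" if pinned == fp else "mismatch"


def demo() -> list:
    """Walk through the three outcomes with constructed placeholder certs."""
    cert_real = b"constructed placeholder: DER of the genuine server cert"
    cert_other = b"constructed placeholder: DER of some other cert"
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "known_hosts.json"   # constructed file name
        results = [TofuStore(path).check("sdf.org", 1965, cert_real)]
        store = TofuStore(path)                  # reload: the pin survives restarts
        results.append(store.check("sdf.org", 1965, cert_real))
        results.append(store.check("sdf.org", 1965, cert_other))
    return results
```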
Original URL: gemini://sdf.org/xyz/gemini/txt/gemini_TOFU.gmi