27-04-2021

>Gemini uses TLS and it is common practice for Gemini clients to use self-signed certificates and TOFU.
>No dependency on centralized CAs.
>TOFU seems to work pretty well for SSH.
>AFAIK not many people actively verify host fingerprints on first use.
>It doesn't protect against MITM attacks on the first connection,
>but I wonder if that's not a case of better being the enemy of good to some extent?

In short, nothing prevents third parties from carrying out a MITM attack on the user's first connection to a Gemini server.
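The first-connection gap discussed above, as an added example that is not part of the original post: a minimal TOFU pin store showing that an unverified first use pins whatever certificate is presented, and that comparing against a fingerprint obtained out of band closes the gap. `TofuStore`, the host name and the certificate byte strings are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional

# Constructed stand-ins for DER-encoded certificates (not real certificates).
SERVER_CERT = b"constructed-der-bytes-of-genuine-server-cert"
OTHER_CERT = b"constructed-der-bytes-of-a-different-cert"


def fingerprint(der: bytes) -> str:
    """SHA-256 over the certificate bytes, hex encoded."""
    return hashlib.sha256(der).hexdigest()


class TofuStore:
    """In-memory pin store keyed by host:port (hypothetical helper)."""

    def __init__(self) -> None:
        self.pins = {}

    def check(self, host: str, port: int, der: bytes,
              expected: Optional[str] = None) -> str:
        key = f"{host}:{port}"
        seen = fingerprint(der)
        pinned = self.pins.get(key)
        if pinned is None:
            # First use: nothing to compare against unless the user supplies
            # a fingerprint obtained out of band.
            if expected is not None and not hmac.compare_digest(seen, expected.lower()):
                return "rejected-first-use"
            self.pins[key] = seen
            return "pinned-verified" if expected is not None else "pinned-unverified"
        return "match" if hmac.compare_digest(seen, pinned) else "mismatch"


def demo() -> list:
    good = fingerprint(SERVER_CERT)
    blind, careful = TofuStore(), TofuStore()
    return [
        blind.check("example.org", 1965, OTHER_CERT),    # wrong cert gets pinned
        blind.check("example.org", 1965, SERVER_CERT),   # genuine cert now flagged
        careful.check("example.org", 1965, OTHER_CERT, expected=good),
        careful.check("example.org", 1965, SERVER_CERT, expected=good),
        careful.check("example.org", 1965, OTHER_CERT),  # later change is detected
    ]


if __name__ == "__main__":
    print(demo())
```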