From b166338ef5eabd3cbcdc2fdc51adf0ea5b2913fb Mon Sep 17 00:00:00 2001 From: "Felix (xq) Queißner" Date: Sun, 21 Jun 2020 23:47:31 +0200 Subject: Some more manual --- src/about/help.gemini | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/src/about/help.gemini b/src/about/help.gemini index b07f25e..cc94cc8 100644 --- a/src/about/help.gemini +++ b/src/about/help.gemini @@ -252,14 +252,24 @@ There is also the scheme about: which can be used to access internal sites for c => about:style-preview ## Security Concept -Kristall has some -> TODO: Write - -* Client certificates are disabled when doing a host switch -* Client certificates allow host filtering -* Redirects check certain stuff -* TOFU -* CA +Kristall has some built-in security measures to make your browsing experience safe and sane. + +### Philosophy + +Kristall will always try to warn or ask you if anything critical will happen. +Sneakily redirecting you to another host? +You missed disabling your client certficiate when switching hosts? +Kristall will ask you whether you want to keep your current settings and continue or if you want to disable that feature. These security measures are quite non-intrusive and help you "not missing the click". + +It will also make some artificial hurdles when you can *really* make something that is critical, like visiting a host with a mistrusted certificate or deleting your client certificates. + +### Security Measures + +* Client certificates will be disabled when doing a host or protocol switch +* Client certificates allow host filtering to double-opt-in for non-planned hosts +* Redirects check for cross-scheme or cross-host redirections. +* Fine-grained customizations +* Trusting TLS connections based on manually built lists, TOFU method or using the certificate authority system ## Supported Media Types * text/plain -- cgit v1.2.3
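Review bot: The new "Security Measures" list names what is checked but not what the user will see or which behaviour is the default, so it does not yet answer the questions a reader brings to this section. In the last bullet ("Trusting TLS connections based on manually built lists, TOFU method or using the certificate authority system"), say which of the three trust modes is active out of the box and where it is changed. In "Redirects check for cross-scheme or cross-host redirections.", state the outcome (a prompt, as the Philosophy paragraph implies, or a refusal). "Fine-grained customizations" does not describe a security measure as written; either name the settings it refers to or drop it. Smaller points in the Philosophy paragraph: "certficiate" should be "certificate", "help you "not missing the click"" reads better as "help you not miss the click", and "make some artificial hurdles when you can *really* make something that is critical" is hard to parse; something like "adds deliberate hurdles before critical actions" would carry the same meaning. The trailing period on the redirects bullet is also inconsistent with the other four items.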