by teruakohatu 1116 days ago
Without TLS you cannot be sure the content was not modified after it was sent to you but before you received it.

It is a reasonable requirement in the 2020s.


If it's self signed and TOFU you can't be sure there was no proxy in the middle on first use though.
Self signed != inherently insecure. If you have the public key, verified it, and you want to make sure that you're getting content directly from the server, you can do just that. It's just not got a chain of trust with root certs that are built into the browser.
My point is how do you get the public key if you can't trust what has been published? You can't trust the gemini site, you'd have to use another protocol, such as HTTPS signed by a CA, in order to verify the public key you are being given was actually signed by the author and not someone in the middle rewriting the author's gemini content.
I see my mistake. Sorry.
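The trust-on-first-use gap the replies above are discussing, as an added example that is not from the thread: a minimal TOFU pin store of the kind a Gemini client keeps for self-signed certificates, showing that with no prior knowledge whatever certificate arrives on the first connection (an interceptor's included) is what gets pinned, while a fingerprint obtained out of band (for instance from a CA-signed HTTPS page) lets the first connection be verified rather than trusted. The host name, the certificate byte strings and all function names are constructed for this example.

```python
import hashlib
from dataclasses import dataclass, field
# Constructed byte strings below stand in for DER-encoded certificates; a real
# client would pin the bytes from ssl.SSLSocket.getpeercert(binary_form=True).

def fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()

@dataclass
class TofuStore:
    pins: dict = field(default_factory=dict)  # host -> hex SHA-256 fingerprint

    def preseed(self, host: str, fp: str) -> None:
        """Pin a fingerprint obtained out of band, e.g. from the author's CA-signed HTTPS page."""
        self.pins[host] = fp

    def verdict(self, host: str, cert_der: bytes) -> str:
        """'pinned' on first sight, 'ok' on a match, 'mismatch' otherwise (a client must abort)."""
        fp = fingerprint(cert_der)
        known = self.pins.get(host)
        if known is None:
            # First use: nothing to compare against, so whatever is presented becomes the pin.
            self.pins[host] = fp
            return "pinned"
        return "ok" if known == fp else "mismatch"

# Constructed stand-ins for the genuine server cert and an interceptor's cert.
GENUINE_CERT = b"constructed-der:gemini.example:genuine"
PROXY_CERT = b"constructed-der:gemini.example:proxy"

def run(store: TofuStore, certs: list) -> list:
    """Present each cert to the store in turn and collect the verdicts."""
    return [store.verdict("gemini.example", cert) for cert in certs]

def blind_first_use() -> list:
    # No prior knowledge: the interceptor's cert is pinned, the genuine one then rejected.
    return run(TofuStore(), [PROXY_CERT, GENUINE_CERT])  # ['pinned', 'mismatch']

def preseeded() -> list:
    # Fingerprint fetched out of band first: genuine accepted, interceptor rejected.
    store = TofuStore()
    store.preseed("gemini.example", fingerprint(GENUINE_CERT))
    return run(store, [GENUINE_CERT, PROXY_CERT])  # ['ok', 'mismatch']
```

Note that in the blind case the store cannot tell the two outcomes apart from the genuine-first ordering: the pin only ever records what it saw first, which is exactly the first-use gap the thread describes.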