From 369bc6700c20d7434bcfcb219f046932a9562494 Mon Sep 17 00:00:00 2001
From: Fuwn <contact@fuwn.me>
Date: Mon, 19 Jan 2026 04:33:48 -0800
Subject: docs: Add TOFU certificate tracking to future ideas

---
 ideas.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ideas.md b/ideas.md
index 4408857..ad45b25 100644
--- a/ideas.md
+++ b/ideas.md
@@ -60,6 +60,14 @@
 - WebSocket monitoring
 - GraphQL endpoint monitoring
 
+### Gemini Protocol Enhancements
+- **TOFU (Trust On First Use)**: Implement certificate fingerprint tracking for Gemini monitors
+  - Store certificate fingerprint on first successful connection
+  - Alert if certificate changes (potential MITM or legitimate cert renewal)
+  - Option to accept new certificate and update stored fingerprint
+  - Common pattern in Gemini clients, reduces false positives from self-signed certs
+  - Particularly useful since self-signed certificates are the norm in Geminispace
+
 ## 4. Configuration & Management
 
 ### Config Enhancements
-- 
cgit v1.2.3