Howdy,

Yes, massively, you are right. I mentioned this in my recent gemlog post on TLS, please see:

gemini://gemini.circumlunar.space/users/solderpunk/cornedbeef/tls-musings.gmi

This part of the spec needs tightening up, and since we actually have real world implementations of an application using client certificates I consider this a higher priority than some other stuff, which is only a possible future concern yet.

I expect most of the major changes to come shortly after the spec unfreeze will relate to client certificates. I have been thinking about the matter and have coded up lots of client certificate related stuff in AV-98 in the past week or so to demonstrate concrete ideas about how we might want this to work. Please be patient until this coming weekend when I'll do a release and make some posts about this. :)

Cheers,
Solderpunk

On Tue, May 19, 2020 at 11:08:09PM +0200, Felix Queißner wrote:
> Hey List and especially solderpunk!
>
> I just started to read on the certificate stuff and looked at
> Astrobotany [0] as an example application using client certificates.
>
> Their process looks like this:
> 1. Generate private key
> 2. Generate a certificate request
> 3. Submit your CSR via HTTPS to astrobotany, they will then send you a
> signed certificate
> 4. Use that certificate to authenticate at astrobotany
>
> Now I wonder:
> Is this the planned way everyone should go? What about self-signed
> client certificates?
>
> I would expect Gemini to use self-signed client certificates for
> identity management, and even more for transient certificates.
>
> The documentation on client certificates is mainly §1.4.3 and the status
> codes 61 and 62, but no word about how to obtain these client certificates.
>
> I think this needs some clarification on how to handle this.
>
> Regards
> xq
>
> [0] gemini://astrobotany.mozz.us/
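
The two ways of obtaining a client certificate contrasted in the quoted question, as an added example that is not part of either message and is not Astrobotany's or AV-98's code: the CSR route, with a throwaway local CA standing in for the service's signing step, beside a self-signed certificate. The names `constructed-user` and `constructed-service-ca`, the file names, the key size and the one-day validity are all assumptions.

```shell
#!/bin/sh
# Added example: constructed names; a throwaway local CA stands in for the service.
set -e

# Steps 1-2 of the quoted process: private key plus certificate request.
make_csr() {  # $1 = output dir, $2 = common name
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1/client.key" -out "$1/client.csr" -subj "/CN=$2" 2>/dev/null
}

# Step 3, simulated locally: the service's CA signs the submitted CSR.
sign_csr() {  # $1 = dir holding client.csr
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/ca.key" -out "$1/ca.pem" \
        -subj "/CN=constructed-service-ca" 2>/dev/null
    openssl x509 -req -in "$1/client.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -set_serial 1 -days 1 -out "$1/client-ca.pem" 2>/dev/null
}

# The alternative raised in the question: one command, no third party involved.
make_self_signed() {  # $1 = output dir, $2 = common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/self.key" -out "$1/self.pem" -subj "/CN=$2" 2>/dev/null
}

# Print one name field of a certificate ($2 is "subject" or "issuer").
cert_name() { openssl x509 -in "$1" -noout "-$2" | sed "s/^$2= *//"; }

# A certificate is self-issued when its issuer and subject names are equal.
is_self_issued() { [ "$(cert_name "$1" subject)" = "$(cert_name "$1" issuer)" ]; }

demo() {
    d=$(mktemp -d)
    make_csr "$d" "constructed-user"
    sign_csr "$d"
    make_self_signed "$d" "constructed-user"
    for c in client-ca.pem self.pem; do
        if is_self_issued "$d/$c"; then kind="self-issued"; else kind="CA-issued"; fi
        echo "$c: $kind, $(openssl x509 -in "$d/$c" -noout -fingerprint -sha256)"
    done
    rm -rf "$d"
}
demo
```

In both cases the private key never leaves the client; the difference is only whose name ends up in the issuer field, which is what a server has to decide how to treat.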