Currently, the Gemini specification requires client certificates be limited to the URL hostname and path for which they were requested. My Gemini client automatically generates certificates for the user, and this requirement makes it much more complicated to store and load certificates. For simplicity's sake, I propose that client certificates only be limited to the hostname for which they were requested.
---
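An added example (not part of the original post, and not code from any Gemini client) comparing what a certificate store selects under the two scoping rules discussed above. Treating a certificate as covering its path and everything below it, matching on whole path segments, preferring the longest match, and the host and certificate labels are all assumptions made for illustration.

```python
from urllib.parse import urlsplit


class CertStore:
    """Maps a scope to a certificate label (constructed labels, not real certificates)."""

    def __init__(self, host_only=False):
        self.host_only = host_only   # True = the proposed hostname-only rule
        self._scopes = {}            # (host, path_prefix) -> certificate label

    @staticmethod
    def _split(url):
        parts = urlsplit(url)
        return (parts.hostname or "").lower(), parts.path or "/"

    @staticmethod
    def _covers(prefix, path):
        # Assumption: match whole segments, so /~alice does not cover /~alicia.
        if prefix == "/" or path == prefix:
            return True
        return path.startswith(prefix.rstrip("/") + "/")

    def add(self, url, cert):
        host, path = self._split(url)
        if self.host_only:
            path = "/"               # the path is discarded; one entry per host
        self._scopes[(host, path)] = cert

    def lookup(self, url):
        host, path = self._split(url)
        best = None
        for (h, prefix), cert in self._scopes.items():
            if h != host or not self._covers(prefix, path):
                continue
            # Assumption: the most specific (longest) matching scope wins.
            if best is None or len(prefix) > len(best[0]):
                best = (prefix, cert)
        return best[1] if best else None


def compare(requested_at, visited):
    """Return (host+path result, host-only result) for one visited URL."""
    scoped, host_wide = CertStore(), CertStore(host_only=True)
    scoped.add(requested_at, "cert-A")
    host_wide.add(requested_at, "cert-A")
    return scoped.lookup(visited), host_wide.lookup(visited)
```

Under the hostname-only rule, the certificate generated for one path is also selected for every other path on that host, which is the behavior the path restriction currently rules out.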