💾 Archived View for rawtext.club › ~sloum › geminilist › 001018.gmi captured on 2020-09-24 at 02:10:37. Gemini links have been rewritten to link to archived content


Client certificate musings

solderpunk solderpunk at SDF.ORG

Sun May 24 16:49:19 BST 2020

- - - - - - - - - - - - - - - - - - - 

On Sun, May 24, 2020 at 12:33:17PM +0200, Katarina Eriksson wrote:

> It would be nice if we had a separate status code for password input, say
> 11. Simple clients could treat this as a 10, intermediate clients could
> hide user input behind asterisks and advanced clients could ask to make a
> call to the password manager (set up in advance) or whatever other
> convenience system there might exist.
> This has been mentioned before but I didn't want to dig through the archive
> again. Sorry for the sidetrack.

Yes, I proposed precisely this a long time ago. It never gained much traction, but then it's only very useful on top of a client certificate and *they* are only just now starting to see use, so maybe it's not too surprising.

I think I will add this to the spec. It's very little effort for clients to handle, and it degrades well enough in a client that treats 11 as 10. People will probably do the username/password thing anyway even without it, so we may as well make it possible to protect against shoulder surfing.

Cheers,
Solderpunk
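
An added example, not part of the original message or of any Gemini client: a sketch of how a client could dispatch on the proposed status 11, masking the prompt when it can and degrading to plain status-10 input when it cannot. The function names and the example.org URL are hypothetical; it assumes the Gemini response header is a two-digit status, a space and a META string, and that input is sent back as the percent-encoded query of the same URL.

```python
import getpass
from urllib.parse import quote, urlsplit, urlunsplit


def parse_header(line: bytes):
    """Split a response header '<STATUS> <META>\\r\\n' into (status, meta)."""
    text = line.decode("utf-8").rstrip("\r\n")
    status, _, meta = text.partition(" ")
    if len(status) != 2 or not (status.isascii() and status.isdigit()):
        raise ValueError("malformed status: %r" % status)
    return int(status), meta


def input_mode(status: int, supports_sensitive: bool) -> str:
    """Decide how to prompt: 'masked', 'plain', or 'none' (not an input request)."""
    if status // 10 != 1:
        return "none"
    if status == 11 and supports_sensitive:
        return "masked"
    # A simple client treats 11 (or any other 1x code) exactly like 10.
    return "plain"


def prompt_user(mode, meta, read_plain=input, read_masked=getpass.getpass):
    """Show META as the prompt; getpass does not echo what is typed."""
    reader = read_masked if mode == "masked" else read_plain
    return reader(meta + ": ")


def follow_up_url(url: str, answer: str) -> str:
    """Repeat the request with the answer as the percent-encoded query."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc, p.path, quote(answer, safe=""), ""))


def handle(url, header, supports_sensitive, **readers):
    """Return the follow-up URL for an input request, or None otherwise."""
    status, meta = parse_header(header)
    mode = input_mode(status, supports_sensitive)
    if mode == "none":
        return None
    return follow_up_url(url, prompt_user(mode, meta, **readers))
```

Because the answer travels in the query string, a client that masks the prompt would also need to keep the follow-up URL out of its visible address line and history for the masking to help against shoulder surfing.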