💾 Archived View for rawtext.club › ~sloum › geminilist › 001106.gmi captured on 2020-09-24 at 02:07:00. Gemini links have been rewritten to link to archived content


Client certificate musings

Martin Keegan martin at no.ucant.org

Thu May 28 19:28:04 BST 2020

- - - - - - - - - - - - - - - - - - - 

On Thu, 28 May 2020, solderpunk wrote:

> I have been having a small semi-crisis-of-confidence regarding the
> apparently unavoidable complexity of speccing a robust and flexible
> mechanism for in-band authentication with client certificates. Thanks,
> by the way, to everybody who emailed me or made posts of their own in
> response to that post.
> that way, not because there was a clear motivation. So far nobody has
> used them for anything and it hasn't exactly ruined the experience.
> People have been building interesting interactive things without client
> certs so far. The most obvious and compelling use case for client
> certificates for me is for people to be able to put up private content
> for their own use (a private bookmarking or to-do app, for example), and
> that doesn't require anything complicated in Gemini at all, it can be
> done ssh style by whitelisting the fingerprint of a self-signed cert, or
> traditional TLS style by setting up your own CA.

There is no need whatsoever for a crisis of confidence. I certainly have confidence in your approach to Gemini or I'd not have tried making a server in an uphill language like Erlang. The client certificate mechanism is unfamiliar rather than complex. The unfamiliarity will run into friction in terms of developer resistance and the limitations of existing code and documentation, but those are only two among many elements in the tradeoff. Given time, the limitations of SSL libraries will be better understood or obviated.

Maybe the transient cert thing will take off; maybe it won't. Again, time will tell and it doesn't need to be resolved any time soon.

I have a pretty clear vision for what I'd like to be able to do with Gemini: have a visually tasteful, minimalist, distraction-free reading experience for content that is trivial to publish and trivial to keep just among my friends, and I feel the ecosystem will be there in a few months if not weeks.

Mk

-- Martin Keegan, +44 7779 296469, @mk270, https://mk.ucant.org/