💾 Archived View for rawtext.club › ~sloum › geminilist › 000896.gmi captured on 2020-10-31 at 01:54:34. Gemini links have been rewritten to link to archived content

Underspecified part in the Specification

solderpunk solderpunk at SDF.ORG

Tue May 19 22:12:18 BST 2020

- - - - - - - - - - - - - - - - - - - 

Howdy,

Yes, massively, you are right. I mentioned this in my recent gemlog post on TLS, please see: gemini://gemini.circumlunar.space/users/solderpunk/cornedbeef/tls-musings.gmi

This part of the spec needs tightening up, and since we actually have real world implementations of an application using client certificates I consider this a higher priority than some other stuff, which is only a possible future concern yet.

I expect most of the major changes to come shortly after the spec unfreeze will relate to client certificates.

I have been thinking about the matter and have coded up lots of client certificate related stuff in AV-98 in the past week or so to demonstrate concrete ideas about how we might want this to work.

Please be patient until this coming weekend when I'll do a release and make some posts about this. :)

Cheers,
Solderpunk

On Tue, May 19, 2020 at 11:08:09PM +0200, Felix Queißner wrote:

Hey List and especially solderpunk!
I just started to read on the certificate stuff and looked at
Astrobotany [0] as an example application using client certificates.
Their process looks like this:
1. Generate private key
2. Generate a certificate request
3. Submit your CSR via HTTPS to astrobotany, they will then send you a
signed certificate
4. Use that certificate to authenticate at astrobotany
Now I wonder:
Is this the planned way everyone should go? What about self-signed
client certificates?
I would expect Gemini to use self-signed client certificates for
identity management, and even more for transient certificates.
The documentation on client certificates is mainly §1.4.3 and the status
codes 61 and 62, but no word about how to obtain these client certificates.
I think this needs some clarification on how to handle this.
Regards
xq
[0] gemini://astrobotany.mozz.us/
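
The two ways of obtaining a client certificate discussed in this thread, side by side, as an added example that is not part of the original messages or of any Gemini project. It assumes the `openssl` CLI is installed; the file names, common name and lifetime are constructed, and the fingerprint is shown only as a value a server could compare on later visits (an assumption, not something the thread specifies).

```shell
#!/bin/sh
# Added example: all names, subjects and lifetimes below are constructed.
set -eu

# Steps 1-2 of the CA-signed flow: private key plus certificate request.
# Nothing usable for TLS exists yet; step 3 (the CA signing it) is out of band.
make_csr() {  # $1 = output dir, $2 = common name
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1/ca-flow.key" -out "$1/ca-flow.csr" \
        -subj "/CN=$2" 2>/dev/null
}

# Check that the request is well formed and signed by its own key.
csr_ok() {  # $1 = CSR file
    openssl req -in "$1" -noout -verify >/dev/null 2>&1
}

# The self-signed alternative: key and certificate in one step, no CA involved.
make_self_signed() {  # $1 = output dir, $2 = common name, $3 = lifetime in days
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$1/self.key" -out "$1/self.crt" \
        -days "$3" -subj "/CN=$2" 2>/dev/null
}

# Self-signed means subject == issuer and the signature verifies with its own key.
is_self_signed() {  # $1 = certificate file
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] && openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# SHA-256 fingerprint of the certificate as colon-separated hex.
fingerprint() {  # $1 = certificate file
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

demo() {
    d=$(mktemp -d)
    make_csr "$d" "constructed-user"
    if csr_ok "$d/ca-flow.csr"; then echo "CSR ready to submit to a CA"; fi
    make_self_signed "$d" "constructed-user" 1   # 1 day: a short-lived cert
    if is_self_signed "$d/self.crt"; then
        echo "self-signed cert usable now: $(fingerprint "$d/self.crt")"
    fi
    rm -rf "$d"
}
demo
```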