💾 Archived View for sprock.dev › flight-log.gmi captured on 2023-01-29 at 15:37:12. Gemini links have been rewritten to link to archived content
author: @sprock
This server now correctly sends a TLS `close_notify` after a successful response. Apologies to anyone this caused problems for. I had incorrectly assumed that Python did this automatically.
I don't think I've mentioned it anywhere since it basically duplicates information available on the capsule's root page, but I added a security.txt file to my capsule a few months back, as described in:
Why you should add security.txt to your capsule
My birthday is on Tuesday, and I am looking forward to (at least) my present for myself, which is due to arrive tomorrow. I suspect that any other gifts will arrive late, as my sister was just asking what I wanted on the call today.
I have tentatively set LetsEncrypt to reuse the key when renewing from now on, which may help some TOFU-only clients. I am still reluctant to fully commit to TOFU, but I understand that is the most common client behaviour. Maybe it would be worth working out and showing how to implement a simple, automatic CA-fallback when there is a new certificate that is not trusted.
When I made this capsule, I intentionally chose to use a CA-signed certificate (from LetsEncrypt) instead of a self-signed certificate. Mainly, this is because I don't love the usage of TOFU and would ideally like clients to use CAs like Lagrange: accepting certificates on a TOFU basis, but verifying changed certificates with the CA. In recognition of the fact that TLS libraries make this non-trivial, I am considering (but not yet ready to commit to) changing my stance. If LetsEncrypt's short expiration times become bothersome, feel free to let me know.
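The two entries above describe the client behaviour I'd like to see: accept a certificate on first use, but when a pinned host later presents a different certificate, ask a CA before updating the pin instead of blindly trusting the change. The following is an added example of that policy (not the capsule's code and not Lagrange's); it assumes an in-memory pin store keyed by hostname, SHA-256 over the DER certificate as the pin, and an injectable CA check so the decision logic runs offline. The default CA check reconnects with Python's verifying `ssl.create_default_context()`, which validates the chain and hostname against the system trust store.

```python
"""Added example: TOFU with CA fallback for a Gemini client (not sprock.dev's code).
Assumptions: pins live in a dict; ca_check is injectable for offline use."""
import hashlib
import socket
import ssl
from typing import Callable, Dict, Optional

Fingerprint = str  # hex SHA-256 over the DER-encoded leaf certificate


def fingerprint(der_cert: bytes) -> Fingerprint:
    return hashlib.sha256(der_cert).hexdigest()


def ca_verified_fingerprint(host: str, port: int = 1965,
                            timeout: float = 5.0) -> Optional[Fingerprint]:
    """Reconnect with full chain + hostname verification against the system
    trust store and return the fingerprint of the CA-validated leaf, or None
    if verification fails (untrusted CA, expired, wrong name, self-signed...)."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, check_hostname=True
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return fingerprint(tls.getpeercert(binary_form=True))
    except (ssl.SSLError, OSError):
        return None


class TrustPolicy:
    """Decide whether to trust the certificate a host just presented.

    The presented certificate is what a TOFU-style (CERT_NONE) connection saw
    via getpeercert(binary_form=True); CA verification is only consulted when
    the pin and the presented certificate disagree."""

    def __init__(self, ca_check: Callable[[str], Optional[Fingerprint]] = ca_verified_fingerprint):
        self.pins: Dict[str, Fingerprint] = {}
        self.ca_check = ca_check

    def decide(self, host: str, presented_der: bytes) -> str:
        """Return 'tofu-accept', 'pinned', 'ca-rotated' or 'reject'."""
        fp = fingerprint(presented_der)
        pinned = self.pins.get(host)
        if pinned is None:
            self.pins[host] = fp        # first use: trust and remember
            return "tofu-accept"
        if fp == pinned:
            return "pinned"             # unchanged: no network round-trip
        # Certificate changed. Accept only if a CA vouches for exactly the
        # leaf we were shown; a CA-valid but different leaf is still rejected
        # (conservative, and avoids pinning something we never observed).
        ca_fp = self.ca_check(host)
        if ca_fp is not None and ca_fp == fp:
            self.pins[host] = fp        # legitimate rotation: update the pin
            return "ca-rotated"
        return "reject"                 # possible MITM or untrusted new cert


if __name__ == "__main__":
    # Constructed stand-ins for DER certificates; only their hashes matter here.
    old_cert, new_cert = b"constructed-cert-A", b"constructed-cert-B"
    policy = TrustPolicy(ca_check=lambda host: fingerprint(new_cert))
    for der in (old_cert, old_cert, new_cert, new_cert):
        print(policy.decide("capsule.example", der))
```

Running the module prints `tofu-accept`, `pinned`, `ca-rotated`, `pinned`: the rotation is accepted because the injected CA check returns the same fingerprint as the new certificate. Swap the check for one that returns `None` (CA validation failed) and the third decision becomes `reject` while the old pin is left untouched, which is the behaviour a client needs to resist a certificate swap by an on-path attacker.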
I've been getting occasional HTTP requests to my capsule ("GET / HTTP/1.1"). I don't know how this happens: to my knowledge, there is no link here from HTTP land, so the client must support gemini:// to find the capsule in the first place (and use the default gemini:// port, despite it being absent from URLs). These requests appear in my logs with the spaces percent-encoded, which baffled me at first, but I think this is a consequence of me parsing the URL before logging it, not of the client making the request.
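The receiving side of both server-side points above (the `close_notify` fix at the top of this log and the HTTP probes just described), as an added example that is not this capsule's server code: the handler logs the raw request line before any parsing, so a probe like "GET / HTTP/1.1" is recorded verbatim rather than percent-encoded; it rejects anything that is not a gemini:// URL with status 59 (bad request); and it ends every response with `SSLSocket.unwrap()`, which is the call that actually performs the TLS shutdown and sends `close_notify` (`SSLSocket.close()` alone does not). `RecordingTLSSocket` is a constructed stand-in for `ssl.SSLSocket` so the code runs offline; in a real server that object comes from `SSLContext.wrap_socket()`.

```python
"""Added example (not sprock.dev's server): raw-first logging, request-line
validation and close_notify on a Gemini server. RecordingTLSSocket is a
constructed stand-in for ssl.SSLSocket."""
import logging
import ssl
from urllib.parse import urlsplit

log = logging.getLogger("gemini")
MAX_REQUEST = 1024  # Gemini caps the request URL at 1024 bytes (plus CRLF)


def parse_request(line: bytes):
    """Return (status, meta, url). Status 59 is 'bad request' in Gemini."""
    # Log the bytes exactly as received, BEFORE decoding or URL-parsing them.
    # %r keeps control characters escaped, so a hostile line can't forge
    # extra log entries, and spaces stay spaces instead of becoming %20.
    log.info("request raw=%r", line)
    if len(line) > MAX_REQUEST + 2 or not line.endswith(b"\r\n"):
        return 59, "Bad request", None
    try:
        text = line[:-2].decode("utf-8")
    except UnicodeDecodeError:
        return 59, "Bad request", None
    if " " in text:  # HTTP request lines contain spaces; a Gemini URL never does
        return 59, "Bad request", None
    parts = urlsplit(text)
    if parts.scheme != "gemini" or not parts.netloc:
        return 59, "Bad request", None
    return 20, "text/gemini", text


def finish_response(tls_sock, status: int, meta: str, body: bytes = b"") -> None:
    """Send header (+ body), then shut the TLS session down cleanly.

    unwrap() performs SSL_shutdown and emits close_notify; that signal is what
    lets a client distinguish 'end of response' from a truncated connection.
    close() on its own just drops the TCP socket without it."""
    tls_sock.sendall(f"{status} {meta}\r\n".encode("utf-8") + body)
    try:
        plain = tls_sock.unwrap()
    except (ssl.SSLError, OSError):
        plain = tls_sock  # peer already went away; nothing left to signal
    plain.close()


def handle(tls_sock) -> int:
    """Serve one request and return the status sent."""
    # One read suffices for the stand-in; a real server loops until CRLF.
    line = tls_sock.recv(MAX_REQUEST + 2)
    status, meta, url = parse_request(line)
    body = b"# hello\r\n" if status == 20 else b""
    finish_response(tls_sock, status, meta, body)
    return status


class RecordingTLSSocket:
    """Constructed stand-in: records the calls a real SSLSocket would receive."""

    def __init__(self, request: bytes):
        self._request = request
        self.calls = []
        self.sent = b""

    def recv(self, n: int) -> bytes:
        data, self._request = self._request[:n], self._request[n:]
        return data

    def sendall(self, data: bytes) -> None:
        self.calls.append("sendall")
        self.sent += data

    def unwrap(self):
        self.calls.append("unwrap")  # this is where close_notify goes out
        return self

    def close(self) -> None:
        self.calls.append("close")


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    for raw in (b"GET / HTTP/1.1\r\n", b"gemini://sprock.dev/flight-log.gmi\r\n"):
        sock = RecordingTLSSocket(raw)
        print(handle(sock), sock.sent[:24], sock.calls)
```

Run as a script, the HTTP probe is logged as `request raw=b'GET / HTTP/1.1\r\n'` and answered with `59 Bad request`, the gemini:// request gets `20 text/gemini`, and both end with the call order `sendall, unwrap, close`. If your own logs show `GET%20/%20HTTP/1.1`, the request line was passed through a URL parser or quoter before it reached the log call.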