Re: Client Certificates

Message headers

From: mbays@sdf.org

Subject: Re: Client Certificates

Date: Sat, 24 Sep 2022 14:37:44 GMT

Message-ID: <slrntiu5ho.2bp.mbays@ma.sdf.org>

Message content

On 2022-09-21, noscript <name@example.com> wrote:
> When a client creates a certificate for a server gemini://example.com,
> does it send the certificate for all requests to the server?

Here's how it's meant to work, taken from the Gemini spec:

| A client certificate which is generated or loaded in response to such
| a status code [60-62] has its scope bound to the same hostname as the
| request URL and to all paths below the path of the request URL path.
| E.g. if a request for gemini://example.com/foo returns status 60 and
| the user chooses to generate a new client certificate in response to
| this, that same certificate should be used for subsequent requests to
| gemini://example.com/foo, gemini://example.com/foo/bar/,
| gemini://example.com/foo/bar/baz, etc., until such time as the user
| decides to delete the certificate or to temporarily deactivate it.
| Interactive clients for human users are strongly recommended to make
| such actions easy and to generally give users full control over the
| use of client certificates.

> There are URLs which are reachable without client certificates (like
> CDG) and when the client has a certificate there are additional links.

In the case of CDG, this means that if you try to add a link in
a certain category and create/select a certificate for that purpose,
then your client should then also apply it to all requests for that
category or its subcategories. So if you add a link, you should then see
the "edit" option for it when you list the category.

Related

Parent:

Client Certificates (by noscript <name@example.com> on Wed, 21 Sep 2022 18:19:59 -0000 (UTC))
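
The scoping rule quoted from the Gemini spec in the message above, sketched as client-side selection logic. This is an added example, not part of the original message and not code from any Gemini client. `ClientCertStore`, its methods and the `cert-A` label are hypothetical names, and resolving dot segments and preferring the longest matching scope are assumptions of the example, not spec text.

```python
from urllib.parse import urlsplit

def _scope_of(url):
    """Return (hostname, path segments) for a gemini:// URL."""
    parts = urlsplit(url)
    if parts.scheme != "gemini" or not parts.hostname:
        raise ValueError("not a gemini URL: %r" % url)
    segments = []
    for seg in parts.path.split("/"):
        if seg == "..":            # assumption: resolve dot segments first,
            if segments:           # so /foo/../admin is not treated as
                segments.pop()     # lying "below" /foo
        elif seg and seg != ".":
            segments.append(seg)
    return parts.hostname, segments   # .hostname is already lower-cased

class ClientCertStore:
    """Hypothetical store of certificates bound to hostname + path scope."""
    def __init__(self):
        self._bindings = []

    def bind(self, request_url, cert):
        """Bind cert to the URL whose response was status 60-62."""
        host, segments = _scope_of(request_url)
        self._bindings.append(
            {"host": host, "segments": segments, "cert": cert, "active": True})

    def set_active(self, cert, active):
        """Temporarily deactivate or reactivate a certificate."""
        for b in self._bindings:
            if b["cert"] == cert:
                b["active"] = active

    def select(self, url):
        """Return the certificate to present for url, or None for none."""
        host, segments = _scope_of(url)
        best = None
        for b in self._bindings:
            n = len(b["segments"])
            # Whole-segment prefix match: /foo covers /foo/bar, not /foobar.
            if (b["active"] and b["host"] == host
                    and segments[:n] == b["segments"]
                    and (best is None or n > len(best["segments"]))):
                best = b   # assumption: the most specific scope wins
        return best["cert"] if best else None

store = ClientCertStore()
store.bind("gemini://example.com/foo", "cert-A")   # constructed sample binding
for u in ("gemini://example.com/foo/bar/baz", "gemini://example.com/foobar",
          "gemini://example.com/", "gemini://other.example/foo"):
    print(u, "->", store.select(u))
```

Matching on whole path segments rather than on a raw string prefix is what keeps the certificate, and the identity it carries, from being presented to `/foobar` or to a different hostname.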