💾 Archived View for rawtext.club › ~sloum › geminilist › 006129.gmi captured on 2023-09-28 at 16:54:10. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2021-11-30)
-=-=-=-=-=-=-
Luke Emmet luke at marmaladefoo.com
Tue Mar 16 01:18:03 GMT 2021
- - - - - - - - - - - - - - - - - - -
On 15-Mar-2021 23:59, Sean Conner wrote:
It was thus said that the Great Sandra Snan once stated:
The purpose for this status code is in case someone is looking over your
shoulder in the same physical location. That's why it's fine to be an
LSD (least significant digit / optional) code, it's a snazzy feature
that's nice to have but not mandatory. I think it's a good feature.
It doesn't send it unencrypted (i.e. same as any other request) so it's
not security theatre. It's there so people in the same location don't
see your password.
Do current Gemini browsers include the query string when displaying the
location? If they do in the case of a 10 status, perhaps they should not
for an 11?
Hello
GemiNaut displays the full URI of the current resource being shown - as you might see when using a normal web browser.
My view is that the client should be transparent to the user about the location of the resource they are looking at. It is important they are informed of the actual location and the client should not obfuscate the location. If we start hiding content, the user may not be able to readily actually see the location, which may be a security concern in its own right.
We should not be trying to invent a new semantics for URLs - the population at large understand what they are, how they are used etc.
Ironically the gemini URI scheme does not permit users to put user info (user name or password) into the URI. However the status 11 allows it back in - this is the primary role of this code as far as I understand how people want to use it:
"In particular, the authority component is allowed and required, but its userinfo subcomponent is NOT allowed."
So no I won't be attempting to obfuscate URIs in GemiNaut and it will warn users if the server invites them to put sensitive info into the URI.
- Luke