💾 Archived View for rawtext.club › ~sloum › geminilist › 005986.gmi captured on 2023-11-04 at 13:36:29. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-11-30)

-=-=-=-=-=-=-

<-- back to the mailing list

[spec] Client certificate scopes

Omar Polo op at omarpolo.com

Sun Mar 7 08:20:56 GMT 2021

- - - - - - - - - - - - - - - - - - - 

Adnan Maolood <me at adnano.co> writes:

Currently, the Gemini specification requires client certificates be
limited to the URL hostname and path for which they were requested. My
Gemini client automatically generates certificates for the user, and
this requirement makes it much more complicated to store and load
certificates. For simplicity's sake, I propose that client certificates
only be limited to the hostname for which they were requested.

Wouldn't this cause problems with multi-user capsules? e.g. as a user,if I used a certificate for gemini://example.com/~user1/cgi/foo I maydon't want that same certificate to be sent togemini://example.com/~user2/cgi/bar.

Maybe limiting them to a path AND all the descendant paths? So that/~user1/cgi/foo and /~user1/cgi/foo/bar are using the same cert bydefault?