💾 Archived View for rawtext.club › ~sloum › geminilist › 005986.gmi captured on 2023-11-04 at 13:36:29. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2021-11-30)
-=-=-=-=-=-=-
Omar Polo op at omarpolo.com
Sun Mar 7 08:20:56 GMT 2021
- - - - - - - - - - - - - - - - - - -
Adnan Maolood <me at adnano.co> writes:
Currently, the Gemini specification requires client certificates be
limited to the URL hostname and path for which they were requested. My
Gemini client automatically generates certificates for the user, and
this requirement makes it much more complicated to store and load
certificates. For simplicity's sake, I propose that client certificates
only be limited to the hostname for which they were requested.
Wouldn't this cause problems with multi-user capsules? e.g. as a user,if I used a certificate for gemini://example.com/~user1/cgi/foo I maydon't want that same certificate to be sent togemini://example.com/~user2/cgi/bar.
Maybe limiting them to a path AND all the descendant paths? So that/~user1/cgi/foo and /~user1/cgi/foo/bar are using the same cert bydefault?